Thanks, checked the ticket, which is about client hostname verification,
but this is not an optimal solution for us; maintaining the allowed hosts
list is not a convenient way: once new hosts are added you have to reissue a new
cert and deploy it. What we are looking for is, for example, certificate
validation based on CN, which adds an additional small level of security.
I'm also thinking of trying the OID "challengePassword" as a pre-shared key, but
that's not related to C*.
On Tue, Jul 10, 2018 at 10:43 AM Stefan Podkowinski wrote:
> You may want to keep an eye on the following ticket:
> https://issues.apache.org/jira/browse/CASSANDRA-13404
>
>
> On 09.07.2018 17:12, Vitali Dyachuk wrote:
> > Hi,
> > There is certificate validation based on the mutual CA; this is the 1st
> > factor. The 2nd factor could be checking the common name of the client
> > certificate. Probably this requires writing a patch, but probably someone
> > has already done that?
> >
> > Vitali Djatsuk.
>
>
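
The two-factor check discussed in this thread (CA chain validation, then a common-name check), as an added example that is not code from Cassandra or from anyone in the thread. The class name `CnCheckingTrustManager` and the CN pattern are hypothetical, and how such a trust manager would be wired into Cassandra is not shown.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.X509TrustManager;

/** Hypothetical wrapper: normal CA path validation first, then a CN pattern check. */
public final class CnCheckingTrustManager implements X509TrustManager {
    private final X509TrustManager delegate; // performs the usual CA chain validation
    private final Pattern allowedCn;         // constructed example: "cassandra-client-[a-z0-9-]+"

    public CnCheckingTrustManager(X509TrustManager delegate, Pattern allowedCn) {
        this.delegate = delegate;
        this.allowedCn = allowedCn;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType);         // 1st factor: issued by the shared CA
        String cn = commonName(chain[0]);                     // chain[0] is the peer's leaf certificate
        if (cn == null || !allowedCn.matcher(cn).matches()) { // matches() anchors the whole string
            throw new CertificateException("client certificate CN not allowed: " + cn);
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType);         // server side is left unchanged
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }

    /** Returns the single CN of the subject DN, or null if it is absent or ambiguous. */
    static String commonName(X509Certificate cert) throws CertificateException {
        try {
            String cn = null;
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    if (cn != null) return null;              // more than one CN: refuse to pick one
                    cn = rdn.getValue().toString();
                }
            }
            return cn;
        } catch (InvalidNameException e) {
            throw new CertificateException("unparseable subject DN", e);
        }
    }
}
```

Because the pattern is matched against a naming convention and not a host list, new client hosts need only a certificate whose CN follows the convention; the check is only as strong as the CA's control over which CNs it will sign.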