Jared Stewart created GEODE-3640:
------------------------------------
Summary: Connect with --skip-ssl-validation should not require a Keystore or Truststore
Key: GEODE-3640
URL: https://issues.apache.org/jira/browse/GEODE-3640
Project: Geode
Issue Type: Bug
Components: gfsh, security
Reporter: Jared Stewart
We are still requiring a Keystore and Truststore to be specified if a user
connects via gfsh with --skip-ssl-validation. We ought to be able to fall back
to the default JVM truststore in this case since we shouldn't be validating the
server's certificate, and thus shouldn't need a custom Truststore. And since
the gfsh client should not get its identity verified by the server, it should
not require a custom Keystore.
This is what happens currently if you omit those options:
{noformat}
gfsh>connect --use-http --url=https://locator-address/gemfire/v1 --user=username --password=******** --skip-ssl-validation
I/O error on GET request for "https://locator-address/gemfire/v1/index":
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target; nested exception is
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
{noformat}
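An added Java sketch of the behaviour the report asks for (not part of the original report and not Geode's code; the class and method names are hypothetical): a client that was explicitly told to skip validation builds its TLS context with no KeyManager and an accept-all TrustManager, so neither a keystore nor a truststore is read, while the default path still validates against the JVM truststore. The skip path leaves the server unauthenticated, which is why it is tied to the explicit flag only.

```java
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Illustrative sketch, not Geode code; class and method names are hypothetical.
public class SkipSslValidationSketch {

    // Context for a client that was explicitly told to skip validation.
    static SSLContext skipValidationContext() throws GeneralSecurityException {
        TrustManager acceptAll = new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        // First argument null: no KeyManager, so no client certificate and no keystore.
        // acceptAll never builds a PKIX path, so no truststore is ever consulted.
        ctx.init(null, new TrustManager[] {acceptAll}, null);
        return ctx;
    }

    static HttpsURLConnection open(String url, boolean skipValidation) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        if (skipValidation) {
            conn.setSSLSocketFactory(skipValidationContext().getSocketFactory());
            // Assumption: skipping validation also skips the hostname check.
            conn.setHostnameVerifier((host, session) -> true);
        }
        // Otherwise the JVM default context (cacerts) validates as usual.
        return conn;
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            System.err.println("usage: <https-url> [--skip-ssl-validation]");
            return;
        }
        boolean skip = args.length > 1 && "--skip-ssl-validation".equals(args[1]);
        HttpsURLConnection conn = open(args[0], skip);
        System.out.println("HTTP " + conn.getResponseCode()
            + (skip ? " (server certificate NOT validated)" : " (validated against JVM default truststore)"));
        conn.disconnect();
    }
}
```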