[
https://issues.apache.org/jira/browse/GEODE-5227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Addison updated GEODE-5227:
---------------------------
Priority: Minor (was: Major)
> Perform meaningful validation on keystore and truststore files when using SSL
> -----------------------------------------------------------------------------
>
> Key: GEODE-5227
> URL: https://issues.apache.org/jira/browse/GEODE-5227
> Project: Geode
> Issue Type: Improvement
> Components: native client
> Reporter: Ryan McMahon
> Priority: Minor
>
> *_As_* a customer
> *_I want to_* get meaningful error feedback when I provide invalid paths or
> file contents for `ssl-keystore` or `ssl-truststore`
> *_So that_* I can fix the problem without guess-work
> If you provide invalid path (e.g. non-existent) for the `ssl-keystore` or
> `ssl-truststore` config properties, the SSL handshake still proceeds and
> fails with an obscure error message
> "TcpSslConn::connect failed with errno: 336462231: Unknown error"
> and in the locator logs we get:
> "javax.net.ssl.SSLHandshakeException: null cert chain"
> You get a similar error if the .pem file contents are malformed or out of
> order.
> We should do proper validation on the .pem files provided in `ssl-keystore`
> and `ssl-truststore` and provide a meaningful error if they are not found or
> malformed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
