Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Mario Ivanac
Hi geode dev, as a part of solution for https://issues.apache.org/jira/browse/GEODE-7414 we would like to introduce new config property "ssl-server-name-extension". This property will contain generic string, which will be added as Server Name Indication (SNI) parameter to Client Hello message.

Re: Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Bruce Schuchardt
+1 On 11/19/19 3:26 AM, Mario Ivanac wrote: Hi geode dev, as a part of solution for https://issues.apache.org/jira/browse/GEODE-7414 we would like to introduce new config property "ssl-server-name-extension". This property will contain generic string, which will be added as Server Name Indica

Re: Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Charlie Black
I have read the e-mail and the ticket I am not sure how this field is going to be used. Maybe you can expand on the intent of this field. >From the property "ssl-server-name-extension" it feels like we are intending to correlate with something presented in the SSL certificate. It would be great

Odg: Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Mario Ivanac
Hi all, this proposal and ticket are result of mail discussion "Special certificates for multisite": https://lists.apache.org/thread.html/2418dd1b5f9ae812daa48a51a8d2eb252a3c861a890264f47da3a4d3@%3Cdev.geode.apache.org%3E BR, Mario Šalje: Charlie Black Poslano

Re: Odg: Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Charlie Black
The SSL handshake is done *before* the Geode handshake.So additions to the Geode handshake protocol will not affect SSL connections since the secure socket connection has already been negotiated and the Geode handshake is encrypted. Charlie On Tue, Nov 19, 2019 at 9:06 AM Mario Ivanac wrote:

Errored: apache/geode-native#2215 (develop - 13caf57)

2019-11-19 Thread Travis CI
Build Update for apache/geode-native - Build: #2215 Status: Errored Duration: 22 secs Commit: 13caf57 (develop) Author: Alberto Bustamante Reyes Message: GEODE-7451: Fix cert & priv key add order (#550) View the changeset: https://github.com/apache/geode-nati

Re: Release candidate target date...

2019-11-19 Thread Mark Hanson
Hello Geode Dev Community, As I will be doing a building a release candidate in about 5 hours. I am not aware of any serious issues at this moment. If you have any last minute checkins for 1.11.0, now is the time. Thanks, Mark > On Nov 12, 2019, at 3:00 PM, Mark Hanson wrote: > > Hello Geode

Odg: Odg: Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Mario Ivanac
Hi, as described before: This property will contain generic string, which will be added as Server Name Indication (SNI) parameter to ClientHello message. ClientHello message is part of SSL handshake. Mario Šalje: Charlie Black Poslano: 19. studenog 2019. 18:20

Re: Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Dan Smith
Can you clarify which connections will use this ssl-server-name-extension as part of the Client Hello? client to locator, client to server, server to server, WAN site to WAN site, ... all of the above? I'm fine with adding the new property. At some point, I think we need to think about making it

Re: Odg: Odg: Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Charlie Black
Sorry - I had sent the e-mail to Mario directly. Also thanks for hanging in there with me through this. The ClientHello message is what is throwing me.As long as the SNI behaves like the extension to the standard I am fine.Meaning if "openssl s_client -connect server:port -servername ser

Access to upload Apache Geode to Docker Hub.

2019-11-19 Thread Mark Hanson
Hi, I would like to have access to upload to Docker Hub, so I can release Apache Geode to Docker Hub. My DockerHub ID is mhansonp. Thanks, Mark

Re: Access to upload Apache Geode to Docker Hub.

2019-11-19 Thread Alexander Murmann
Done On Tue, Nov 19, 2019 at 3:51 PM Mark Hanson wrote: > Hi, > > I would like to have access to upload to Docker Hub, so I can release > Apache Geode to Docker Hub. > > My DockerHub ID is mhansonp. > > Thanks, > Mark

Re: Proposal of new config property "ssl-server-name-extension"

2019-11-19 Thread Jens Deppe
I'd like to add my comment from the original PR here again: Although I support the particular use case, I would prefer the implementation being a bit more abstracted. Specifically, if we provided an extension point which would allow modification of SSLParameters then we wouldn't be coupling to a

[DISCUSS] Shall we change the docs to indicate that default setting of enableLocalCache is false for client/server in the Tomcat module

2019-11-19 Thread Eric Shu
Dear Geode, Here is the current documentation on enableLocalCache for default configuration in Tomcat module (Changing the Default Geode Configuration in the Tomcat Module ) *enableLocalCa

Re: [DISCUSS] Shall we change the docs to indicate that default setting of enableLocalCache is false for client/server in the Tomcat module

2019-11-19 Thread Eric Shu
Dear Geode, It seems that issue seen in GEODE-7477 is only for the Tomcat Testing (which overrides the default setting.) So current Geode implementation for default configuration is correct for Tomcat module. So we do not need to discuss whether we should change the implementation based on the ab