Bela Ban updated JGRP-2214:
---------------------------
Attachment: CertficateCNMatcher.java
SSL_KEY_EXCHANGE: add hook to verify SSL session credentials
------------------------------------------------------------
Key: JGRP-2214
URL: https://issues.jboss.org/browse/JGRP-2214
Project: JGroups
Issue Type: Feature Request
Affects Versions: 4.0.5
Reporter: Bela Ban
Assignee: Bela Ban
Fix For: 4.0.6
Attachments: CertficateCNMatcher.java
In {{SSL_KEY_EXCHANGE}}, when an SSL session has been established, we're sure that
the credentials of the server and client are OK.
However, an additional check might be required, e.g. that the CN in the peer's
certificate always matches a given pattern, or that the org always is "IBM" (for
example).
If this is not the case, terminate the SSL connection.
Todo: add the fully qualified name of a class and an argument (e.g. the pattern). An
instance of the class will be created and initialized with the pattern. When an SSL
session has been created ({{connect()}} on the client, {{accept()}} on the server), the
{{verify()}} method in the instance is called and it needs to throw a
{{SecurityException}} if the session cannot be accepted.
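
The hook described above, sketched as an added example using only JDK classes; this is not the attached file and not JGroups code. The class name {{CnPatternVerifier}}, the constructor taking the pattern, and the sample pattern in the comment are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Hypothetical verifier: rejects a session unless the peer certificate's CN matches a regex. */
public class CnPatternVerifier {
    private final Pattern cnPattern;

    /** @param pattern the configured argument, e.g. "node-\\d+\\.example\\.org" (constructed value) */
    public CnPatternVerifier(String pattern) {
        this.cnPattern = Pattern.compile(pattern);
    }

    /** Call after connect()/accept() has produced a session; throws if it must not be accepted. */
    public void verify(SSLSession session) throws SecurityException {
        Principal peer;
        try {
            peer = session.getPeerPrincipal();
        } catch (SSLPeerUnverifiedException e) {
            // No verified peer identity, e.g. client authentication was not required
            throw new SecurityException("peer presented no verified certificate", e);
        }
        String cn = extractCn(peer.getName());
        // matches() anchors the whole string: a CN that only contains a matching substring fails
        if (cn == null || !cnPattern.matcher(cn).matches())
            throw new SecurityException("peer CN does not match " + cnPattern.pattern() + ": " + cn);
    }

    /** Parses the DN with LdapName so escaped commas and "CN=" inside other values are not misread. */
    static String extractCn(String dn) {
        try {
            String cn = null;
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                if (!"CN".equalsIgnoreCase(rdn.getType()))
                    continue;
                if (cn != null)
                    return null; // more than one CN is ambiguous: treat as no usable CN
                cn = String.valueOf(rdn.getValue());
            }
            return cn;
        } catch (InvalidNameException e) {
            return null; // unparsable DN: fail closed
        }
    }
}
```

The caller is expected to catch the {{SecurityException}} and close the socket, which is the "terminate the SSL connection" step in the description.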