[jboss-jira] [JBoss JIRA] (JGRP-2214) SSL_KEY_EXCHANGE: add hook to verify SSL session credentials
Bela Ban (JIRA)
issues at jboss.org
Tue Aug 29 02:47:00 EDT 2017
Bela Ban created JGRP-2214:
------------------------------
Summary: SSL_KEY_EXCHANGE: add hook to verify SSL session credentials
Key: JGRP-2214
URL: https://issues.jboss.org/browse/JGRP-2214
Project: JGroups
Issue Type: Feature Request
Affects Versions: 4.0.5
Reporter: Bela Ban
Assignee: Bela Ban
Fix For: 4.0.6
In {{SSL_KEY_EXCHANGE}}, when an SSL session has been established, we're sure that the credentials of the server and client are OK.
However, an additional check might be required, e.g. that the CN in the peer's certificate always matches a given pattern, or that the org always is "IBM" (for example).
If this is not the case, terminate the SSL connection.
Todo: add the fully qualified name of a class and an argument (e.g. the pattern). An instance of the class will be created and initialized with the pattern. When an SSL session has been created ({{connect()}} on the client, {{accept()}} on the server), the {{verify()}} method in the instance is called and it needs to throw a {{SecurityException}} if the session cannot be accepted.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list