feature(client-encrypt): enable peer verification for stress commands #9637
Peer verification is now enabled by default for cassandra-stress, scylla-bench, and latte stress tools when client encryption is configured in Scylla. This ensures enhanced security by verifying if peer certificate is signed by the trusted CA and that the hostname/IP of the peer matches SAN specified in the peer's certificate. Closes: scylladb/qa-tasks#1728
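The two checks the description names (CA-signed certificate, peer hostname/IP present in the SAN), as an added Python standard-library example; it is not code from this PR or from the stress tools. `client_context`, `san_matches`, `NODE_CERT` and the `ca_file` path are hypothetical names, and the sample certificate dict is constructed.

```python
import ipaddress
import ssl


def client_context(verify_peer=True, ca_file=None):
    """Build a TLS client context; ca_file is a hypothetical path to the trusted CA."""
    # The default context already requires a CA-signed cert and checks the hostname.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    if not verify_peer:
        # The unverified setup: check_hostname must be cleared before CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def _dns_match(pattern, host):
    """Match one DNS SAN entry; a wildcard covers exactly the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def san_matches(cert, peer):
    """cert is shaped like ssl.SSLSocket.getpeercert(); peer is the name or IP dialed."""
    sans = cert.get("subjectAltName", ())
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        # Peer is a hostname: only DNS entries can match.
        return any(kind == "DNS" and _dns_match(value, peer) for kind, value in sans)
    # Peer is an address: only IP entries can match, never a DNS entry.
    return any(kind == "IP Address" and ipaddress.ip_address(value) == addr
               for kind, value in sans)


# Constructed sample, in the format getpeercert() returns for a verified peer.
NODE_CERT = {
    "subjectAltName": (
        ("DNS", "node1.db.example"),
        ("DNS", "*.db.example"),
        ("IP Address", "10.0.0.11"),
    )
}
```

A node certificate that lists only DNS names fails the check when the client connects by IP address, so certificates for nodes dialed by IP need an IP SAN entry.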
I think at least one test should enable it (maybe some from tier1, or upgrades)
At least some of them are used in tier1, e.g.:
LGTM
So used to be doing it the way around, so I didn't notice you did it by default