Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify SSL server certificates #1

Merged
merged 12 commits into from
Jun 10, 2015
Merged

Verify SSL server certificates #1

merged 12 commits into from
Jun 10, 2015

Conversation

frsyuki
Copy link
Contributor

@frsyuki frsyuki commented May 13, 2015

This pull-request adds SSL server certificate verification and adds following related options:

  • ssl_no_verify: disable server certification verification. By default, connection fails if the server certification is not signed by one the CAs in JVM's default trusted CA list. (boolean, default: false)
  • ssl_trusted_ca_cert_file: if the server certification is not signed by a certificate authority, set path to the X.508 certification file (pem file) of a private CA (string, optional)
  • ssl_trusted_ca_cert_data: similar to ssl_trusted_ca_cert_file but embed the contents of the PEM file as a string value instead of path to a local file (string, optional)

frsyuki added 12 commits May 13, 2015 13:31
@frsyuki
Verify SSL server certification by default.
3c48228 
* Added ssl_no_verify option to trust any certifications.
* Added ssl_trusted_ca_cert_file option to use private CA
* Added ssl_trusted_ca_cert_data option to embed the contents of
  ssl_trusted_ca_cert_file in the configuration file.
@frsyuki
added serializable SSLPluginConfig to include certificate data read f…
a7780d1 
…rom local files to distributed executors
@frsyuki
fixed SSLPlugins.SSLPluginConfig
d2909af
@frsyuki
jackson-databind can call private getter methods
aac107e
@frsyuki
PEMParser.readObject returns X509CertificateHolder
4f57db7
@frsyuki
reimplemented SSLPlugins
8e23e94
@frsyuki
implemented SSL peer hostname verification
2d359f8
@frsyuki
added ssl_verify_hostname option
9850660
@frsyuki
changed ssl_no_verify -> ssl_verify
8022802
@frsyuki
implemented ssl_verify_hostname using SSLParameters.setEndpointIdenti…
4caa782 
…ficationAlgorithm(HTTPS)
@frsyuki
VerifyHostNameSSLSocketFactory.setSSLParameters doesn't throw IOExcep…
62ac571 
…tion
@frsyuki
updated README.md
9197a21
frsyuki added a commit that referenced this pull request Jun 10, 2015
@frsyuki
Merge pull request #1 from embulk/ssl-verify
f0bdd1c 
Verify SSL server certificates
@frsyuki frsyuki merged commit f0bdd1c into master Jun 10, 2015
@frsyuki frsyuki deleted the ssl-verify branch June 10, 2015 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@frsyuki