Provide option in OpenZipkin/Cassandra StorageType to turn On/off Hostname verification #3427
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please first, look at existing issues to see if the feature has been requested before. If you don't find anything tell us what problem you’re trying to solve. Often a solution already exists! Don’t send pull requests to implement new features without first getting our support. Sometimes we leave features out on purpose to keep the project small.
Feature
Currently, There is no option in Zipkin-Casandra Storage type to enable/disable Hostname Verification. By default , Host name verification defaults to True.
Rationale
Sometimes, in test levels the jks certifciate doesn't contain all the SAN entries and hence having default cassandra behavior of having host name verification true , Hence, we can't integrate Cassandra to Zipkin.
Example Scenario
Having this feature, We can work with different certificate (with/without) SAN entries in Test and production environment. Since Cassandra provides the support to turn on/off this behavior, Zipkin should not block any feature of underlying technology.
Prior Art
datastax driver defaults to hostname verification, true:
https://github.com/datastax/java-driver/blob/4.x/core/src/main/java/com/datastax/oss/driver/internal/core/ssl/DefaultSslEngineFactory.java#L83-L85
Configuration for the java driver is here:
https://docs.datastax.com/en/developer/java-driver/4.11/manual/core/ssl/
Hostname-validation parameter that needs to get exposed.
Zipkin would need to expose the parameter to configure it, but it currently doesn't. We need another parameter like we have to enable/disable ssl for hostname verification too.
https://github.com/openzipkin/zipkin/blob/master/zipkin-storage/cassandra/src/main/java/zipkin2/storage/cassandra/internal/SessionBuilder.java
The text was updated successfully, but these errors were encountered: