SSL Configuration Fails Unless Fully Configured

[netclectic]

When setting up SSL configuration I have to set valid path, password and flags properties even when enable-ssl is set to false.

• Which Akka.Net version you are using

  • 1.3.9

• On which platform you are using Akka.Net

  • .Net Framework 4.7.2 on Windows 10 x64

• A list of steps to reproduce the issue. Or an gist or github repo which can be easily used to reproduce your case.

  • a node configured with the following hocon fails:

	enable-ssl = false
	
	ssl 
	{
		{
			path = "<valid certificate path>" 
			password = "<certificate password>"
			
			flags = [ "default-key-set" ] 
		}
	}                        

I would expect to be able to provide 'invalid' sample ssl configuration while 'enable-ssl' is set to false, the ssl configuration details should not be validated unless 'enable-ssl' is set to true.

N.B. the documentation says the default flags should be: "default-flag-set", while it appears the actual valid value is: "default-key-set".

[Aaronontheweb]

I would expect to be able to provide 'invalid' sample ssl configuration while 'enable-ssl' is set to false, the ssl configuration details should not be validated unless 'enable-ssl' is set to true.

yes, that sounds right to me - can we setup a reproduction spec for this? Because if what you're saying is true then Akka.Remote should always be catching fire whenever anyone uses it without explicitly setting up SSL, no?

[netclectic]

yes, that sounds right to me - can we setup a reproduction spec for this? Because if what you're saying is true then Akka.Remote should always be catching fire whenever anyone uses it without explicitly setting up SSL, no?

No, only if they've explicitly setup invalid SSL but regardless of whether 'enable-ssl' is true or false.

I haven't revisited this since I first reported it, I'll have a look and see if I can produce a spec.

[aminchenkov]

Hello. Any update on it? It is an issue for us as well.

[Aaronontheweb]

@aminchenkov no, we haven't done any work on this as I haven't heard much about this issue in 4 years. This should be an easy fix though - just need to disable SSL section validation in Akka.Remote unless it's loaded. PR's welcome.

[aminchenkov]

@Aaronontheweb , could you review #6038?
I think that this logic should be driven by EnableSsl setting, regardless if SSL section is defined or not. In our project it always will be setup, but EnableSsl configuration might be set to false, depending on an environment.

[Aaronontheweb]

That PR looks good. We'll include this fix inside the 1.4.40 release.

[aminchenkov]

That PR looks good. We'll include this fix inside the 1.4.40 release.

@Aaronontheweb , do you know release date?

[Aaronontheweb]

I don't - #6043 must be merged first since dev isn't the right branch for stable releases. v1.4 is. @eaba is working on it.

[aminchenkov]

@Aaronontheweb , thank you!

[Aaronontheweb]

Fixed in 1.4.40.