Do not add entire chain to truststore when accepting unrecognized certificate

Description

When Spark tries to connect to a server that offers a certificate chain that it cannot verify, it currently will offer to add it to its truststore. When it does, it seems to add all certificates from the entire chain to the truststore. I think this is incorrect, as this means that all other certificates that are issued by the intermediates or root will suddenly also be accepted by Spark. Instead, Spark should only add the end-entity certificate.

Environment

None

Acceptance Test - Entry

None

Assignee

Unassigned

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Components

Priority

Major
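
The trust-scope difference described in the issue, as an added example that is not part of the original report or of Spark's code. It uses the OpenSSL command line rather than Spark's Java truststore, and assumes that a store holding only an end-entity certificate can be modelled with `-partial_chain`. All names, keys and certificates are constructed for the demo.

```shell
# Added demo: every key and certificate here is constructed locally and is throwaway.
trust_scope_demo() {
    dir=$(mktemp -d) || return 2
    (
        cd "$dir" || exit 2
        # Minimal config so the demo does not depend on a system openssl.cnf.
        cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Issuing CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
        # The issuer that ends up in the store when the whole chain is added.
        openssl req -x509 -newkey rsa:2048 -nodes -config demo.cnf \
            -keyout ca.key -out ca.pem -days 1 >/dev/null || exit 2
        # Two end-entity certificates from that issuer: "a" is the server the
        # user accepted, "b" is an unrelated server the user never reviewed.
        for n in a b; do
            openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
                -subj "/CN=server-$n.example" -keyout "$n.key" -out "$n.csr" >/dev/null || exit 2
            openssl x509 -req -in "$n.csr" -CA ca.pem -CAkey ca.key \
                -CAcreateserial -out "$n.pem" -days 1 >/dev/null || exit 2
        done
        check() {  # $1 = trust store file, $2 = certificate to validate
            if openssl verify -partial_chain -CAfile "$1" "$2" >/dev/null 2>&1
            then echo accepted; else echo rejected; fi
        }
        echo "chain-in-store:b=$(check ca.pem b.pem)"   # issuer trusted
        echo "leaf-only:a=$(check a.pem a.pem)"         # only cert "a" trusted
        echo "leaf-only:b=$(check a.pem b.pem)"
    ) 2>/dev/null
    status=$?
    rm -rf "$dir"
    return $status
}
trust_scope_demo
```

With the issuer in the store, certificate "b" validates even though only server "a" was ever accepted; with just the end-entity certificate stored, "b" is rejected.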