We're updating the issue view to help you get more done. 

The option to ignore certificate expiry not working

Description

When Spark connects to a server, it can use TLS. When that happens, the certificate chain as presented by the server is validated.

A certificate has a time period in which it is valid: can have expired or not be valid yet. Typically, certificate validation should fail if the certificate offered by the server is not valid.

Spark has an option to ignore date/time-type certificate validation, allowing a certificate that is expired (or not valid yet) to be used, assuming that it meets all other validation criteria. This configuration option is currently not working properly: even when enabled, it will still reject a certificate that's not valid.

Note that this bug was obscured by another issue that got recently fixed, most likely SPARK-2185.

Environment

None

Acceptance Test - Entry

None

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Components

Fix versions

Affects versions

Priority

Major
Configure