activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Guy Allard (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (APLO-186) Using ?client_auth=need Still Allows SSL Connections with no Client Cert
Date Tue, 10 Apr 2012 02:25:17 GMT

    [ https://issues.apache.org/jira/browse/APLO-186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13250409#comment-13250409
] 

Guy Allard commented on APLO-186:
---------------------------------

Hiram - That sounds right now that I think about it.

My test bed retries failing connections a specified number of times.

With a freshly started broker I am seeing one connect fail, and the retry succeed.  And no
connect ever fails at all after that.

I will get the snapshot tomorrow and test.

Thanks, Guy

                
> Using ?client_auth=need Still Allows SSL Connections with no Client Cert
> ------------------------------------------------------------------------
>
>                 Key: APLO-186
>                 URL: https://issues.apache.org/jira/browse/APLO-186
>             Project: ActiveMQ Apollo
>          Issue Type: Bug
>          Components: apollo-broker
>    Affects Versions: 1.2
>         Environment: Ubuntu 11.10
> java version "1.6.0_23"
> OpenJDK Runtime Environment (IcedTea6 1.11pre) (6b23~pre11-0ubuntu1.11.10.2)
> OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode)
> Apollo: apache-apollo-99-trunk-20120404.190241-13-unix-distro.tar.gz 
> Snips:
>     <authentication enabled="false"/>
>   <connector id="tls" bind="tls://0.0.0.0:62614?client_auth=need" 
> 	connection_limit="1000"/>
>   <key_storage file="${apollo.base}/etc/keystore" password="password" key_password="password"
key_alias="servertj" />
>            Reporter: Guy Allard
>            Assignee: Hiram Chirino
>             Fix For: 1.2
>
>
> Using the above configuration, when an SSL client connects and does *not* provide a certificate,
the connection is allowed to proceed, and succeeds.
> This is either:
> a) a bug
> b) a configuration issue
> If the above configuration is insufficient for full SSL only authorization please advise
on the requirements.
> Thanks, Guy

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message