activemq-dev mailing list archives

From "Eric White (JIRA)" <j...@apache.org>
Subject [jira] Created: (AMQ-1659) SSL Transport configured in wantClientAuth mode never asks for the client certificate during the SSL Handshake
Date Thu, 10 Apr 2008 09:16:43 GMT
SSL Transport configured in wantClientAuth mode never asks for the client certificate during
the SSL Handshake
--------------------------------------------------------------------------------------------------------------

                 Key: AMQ-1659
                 URL: https://issues.apache.org/activemq/browse/AMQ-1659
             Project: ActiveMQ
          Issue Type: Bug
          Components: Transport
    Affects Versions: 4.1.1
         Environment: I think this is for all environments, it may be JDK dependent though.

I tested on:
Linux  2.6.20-gentoo-r7
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) 64-Bit Server VM (build 1.6.0-b105, mixed mode)
            Reporter: Eric White
             Fix For: 4.1.1


See: http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setWantClientAuth(boolean)

"
A socket's client authentication setting is one of the following:

    * client authentication required
    * client authentication requested
    * no client authentication desired 
"

In the API it indicates that if you call either setWantClientAuth, or setNeedClientAuth it
will override the call to the other.

Therefore I believe the following code only allows for ActiveMQ to be in two states:
* Client Authentication Required (needClientAuth==true)
* No client Authentication Desired (needClientAuth==false)

activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java


As setWantClientAuth is overridden by setNeedClientAuth.
public void bind() throws IOException {
  super.bind();
  ((SSLServerSocket)this.serverSocket).setWantClientAuth(wantClientAuth);
  ((SSLServerSocket)this.serverSocket).setNeedClientAuth(needClientAuth);
}

I believe this is the same issue as this Jetty issue: http://jira.codehaus.org/browse/JETTY-86

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
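
The override behaviour described in the report, as an added example that is not part of the original message or of ActiveMQ's code: it applies the reported call order and an exclusive ordering to fresh sockets and prints the resulting client-authentication mode for each want/need combination. The class name, the helper names and the exclusive ordering are assumptions made for illustration.

```java
import java.net.InetAddress;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class ClientAuthModeDemo {

    // Same call order as the bind() quoted in the report.
    static void applyAsReported(SSLServerSocket s, boolean want, boolean need) {
        s.setWantClientAuth(want);
        s.setNeedClientAuth(need); // overrides the line above, even when need == false
    }

    // Hypothetical alternative (an assumption, not the project's fix): make exactly
    // one call, so the last setter invoked always matches the intended mode.
    static void applyExclusive(SSLServerSocket s, boolean want, boolean need) {
        if (need) {
            s.setNeedClientAuth(true);
        } else {
            s.setWantClientAuth(want); // want == false leaves client auth off
        }
    }

    // Reads back the socket's effective setting using the three states from the API docs.
    static String mode(SSLServerSocket s) {
        if (s.getNeedClientAuth()) return "required";
        if (s.getWantClientAuth()) return "requested";
        return "none";
    }

    // Loopback-only listener on an ephemeral port; no handshake is performed.
    static SSLServerSocket newSocket() throws Exception {
        SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        return (SSLServerSocket) f.createServerSocket(0, 1, InetAddress.getLoopbackAddress());
    }

    public static void main(String[] args) throws Exception {
        boolean[][] configs = { {false, false}, {true, false}, {false, true}, {true, true} };
        for (boolean[] c : configs) {
            try (SSLServerSocket a = newSocket(); SSLServerSocket b = newSocket()) {
                applyAsReported(a, c[0], c[1]);
                applyExclusive(b, c[0], c[1]);
                System.out.printf("want=%-5b need=%-5b  reported order: %-9s exclusive: %s%n",
                        c[0], c[1], mode(a), mode(b));
            }
        }
    }
}
```

The row to look at is want=true, need=false: with the reported call order the socket reads back as "none", so a broker configured that way would not send a certificate request during the handshake.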

