activemq-dev mailing list archives

From "Eric White (JIRA)" <j...@apache.org>
Subject [jira] Issue Comment Edited: (AMQ-1659) SSL Transport configured in wantClientAuth mode never asks for the client certificate during the SSL Handshake
Date Thu, 10 Apr 2008 12:51:43 GMT

    [ https://issues.apache.org/activemq/browse/AMQ-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=42172#action_42172 ]

ericdwhite edited comment on AMQ-1659 at 4/10/08 5:51 AM:
----------------------------------------------------------

https://issues.apache.org/activemq/secure/attachment/16327/amq-411-simple-version.patch

This file is for ActiveMQ 4.1.1

I have tested this file locally and it works for me.  

In this version only boolean properties are used.  This makes it impossible to know if the
property was set on the Transport URL or not.

My personal belief is the complex version is better, but I supplied both as I'm unsure how
the maintainers would like to see the issue resolved.

      was (Author: ericdwhite):
    This file is for ActiveMQ 4.1.1

I have tested this file locally and it works for me.  

In this version only boolean properties are used.  This makes it impossible to know if the
property was set on the Transport URL or not.

My personal belief is the complex version is better, but I supplied both as I'm unsure how
the maintainers would like to see the issue resolved.
  
> SSL Transport configured in wantClientAuth mode never asks for the client certificate during the SSL Handshake
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-1659
>                 URL: https://issues.apache.org/activemq/browse/AMQ-1659
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Transport
>    Affects Versions: 4.1.1
>         Environment: I think this is for all environments, it may be JDK dependent though.
> I tested on:
> Linux  2.6.20-gentoo-r7
> java version "1.6.0"
> Java(TM) SE Runtime Environment (build 1.6.0-b105)
> Java HotSpot(TM) 64-Bit Server VM (build 1.6.0-b105, mixed mode)
>            Reporter: Eric White
>             Fix For: 4.1.1
>
>         Attachments: amq-411-complex-version.patch, amq-411-simple-version.patch, amq-500-complex-version.patch, amq-500-simple-version.patch
>
>   Original Estimate: 2 days
>  Remaining Estimate: 2 days
>
> See: http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setWantClientAuth(boolean)
> "
> A socket's client authentication setting is one of the following:
>     * client authentication required
>     * client authentication requested
>     * no client authentication desired 
> "
> In the API it indicates that if you call either setWantClientAuth, or setNeedClientAuth it will override the call to the other.
> Therefore I believe the following code only allows for ActiveMQ to be in two states:
> * Client Authentication Required (needClientAuth==true)
> * No client Authentication Desired (needClientAuth==false)
> activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
> As setWantClientAuth is overridden by setNeedClientAuth.
> public void bind() throws IOException {
>   super.bind();
>   ((SSLServerSocket)this.serverSocket).setWantClientAuth(wantClientAuth);
>   ((SSLServerSocket)this.serverSocket).setNeedClientAuth(needClientAuth);
> }
> I believe this is the same issue as this Jetty issue: http://jira.codehaus.org/browse/JETTY-86

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
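
The override behaviour described in the issue, as an added example that is not part of the original message and is not the code from the attached patches or from ActiveMQ: it applies the two setters in the quoted bind() order and, next to it, with exactly one call per socket, then reports the resulting JSSE mode for each combination of flags. The class name ClientAuthModeDemo and the helpers applyAsQuoted, applyExclusive and mode are hypothetical; the sockets are unbound and use the JVM's default SSL context.

```java
import java.io.IOException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class ClientAuthModeDemo {

    // Same call order as the bind() quoted in the issue: the second setter
    // replaces whatever the first one configured.
    static void applyAsQuoted(SSLServerSocket s, boolean want, boolean need) {
        s.setWantClientAuth(want);
        s.setNeedClientAuth(need);
    }

    // Hypothetical alternative: make exactly one setter call so that all
    // three JSSE modes (required, requested, none) remain reachable.
    static void applyExclusive(SSLServerSocket s, boolean want, boolean need) {
        if (need) {
            s.setNeedClientAuth(true);
        } else if (want) {
            s.setWantClientAuth(true);
        } else {
            s.setWantClientAuth(false); // either setter with false disables client auth
        }
    }

    // Report the effective mode as the socket itself sees it.
    static String mode(SSLServerSocket s) {
        return s.getNeedClientAuth() ? "required"
             : s.getWantClientAuth() ? "requested" : "none";
    }

    public static void main(String[] args) throws IOException {
        SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        // Constructed inputs: every {wantClientAuth, needClientAuth} combination.
        boolean[][] cases = { {false, false}, {true, false}, {false, true}, {true, true} };
        for (boolean[] c : cases) {
            try (SSLServerSocket quoted = (SSLServerSocket) f.createServerSocket();
                 SSLServerSocket exclusive = (SSLServerSocket) f.createServerSocket()) {
                applyAsQuoted(quoted, c[0], c[1]);
                applyExclusive(exclusive, c[0], c[1]);
                System.out.printf("want=%-5b need=%-5b quoted order: %-9s one call: %s%n",
                        c[0], c[1], mode(quoted), mode(exclusive));
            }
        }
    }
}
```

The row to watch is want=true, need=false: that is the configuration the issue title describes, and the getters show whether the socket will still request a certificate after both setters have run.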

