activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Updated: (AMQ-1659) SSL Transport configured in wantClientAuth mode never asks for the client certificate during the SSL Handshake
Date Thu, 10 Apr 2008 17:13:43 GMT

     [ https://issues.apache.org/activemq/browse/AMQ-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Jencks updated AMQ-1659:
------------------------------

        Fix Version/s: 4.1.3
                       5.1.0
                           (was: 4.1.1)
    Affects Version/s: 5.0.0

with luck 4.1.2 is out the door.... should be able to get it in 5.1.0 though

> SSL Transport configured in wantClientAuth mode never asks for the client certificate
during the SSL Handshake
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-1659
>                 URL: https://issues.apache.org/activemq/browse/AMQ-1659
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Transport
>    Affects Versions: 4.1.1, 5.0.0
>         Environment: I think this is for all environments, it may be JDK dependent though.
> I tested on:
> Linux  2.6.20-gentoo-r7
> java version "1.6.0"
> Java(TM) SE Runtime Environment (build 1.6.0-b105)
> Java HotSpot(TM) 64-Bit Server VM (build 1.6.0-b105, mixed mode)
>            Reporter: Eric White
>            Assignee: David Jencks
>             Fix For: 4.1.3, 5.1.0
>
>         Attachments: amq-411-complex-version.patch, amq-411-simple-version.patch, amq-500-complex-version.patch,
amq-500-simple-version.patch
>
>   Original Estimate: 2 days
>  Remaining Estimate: 2 days
>
> See: http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setWantClientAuth(boolean)
> "
> A socket's client authentication setting is one of the following:
>     * client authentication required
>     * client authentication requested
>     * no client authentication desired 
> "
> In the API it indicates that if you call either setWantClientAuth, or setNeedClientAuth
it will override the call to the other.
> Therefor I believe the following code only allows for ActiveMQ to be in two states:
> * Client Authentication Required (needClientAuth==true)
> * No client Authentication Desired (needClientAuth==false)
> activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
> As setWantClientAuth is overridden by setNeedClientAuth.
> public void bind() throws IOException {
>   super.bind();
>   ((SSLServerSocket)this.serverSocket).setWantClientAuth(wantClientAuth);
>   ((SSLServerSocket)this.serverSocket).setNeedClientAuth(needClientAuth);
> }
> I believe this the same issue as this Jetty issue: http://jira.codehaus.org/browse/JETTY-86

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message