activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Commented: (AMQ-1659) SSL Transport configured in wantClientAuth mode never asks for the client certificate during the SSL Handshake
Date Thu, 10 Apr 2008 17:09:43 GMT

    [ https://issues.apache.org/activemq/browse/AMQ-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=42186#action_42186
] 

David Jencks commented on AMQ-1659:
-----------------------------------

In the past I've fixed this bug (in other projects) like this:

    public void bind() throws IOException {
        super.bind();
        if (needClientAuth) {
            ((SSLServerSocket)this.serverSocket).setNeedClientAuth(true);
        } else if (wantClientAuth) {
            ((SSLServerSocket)this.serverSocket).setWantClientAuth(true);
        }
    }


which to me corresponds better to natural language usage like "I not only want client auth,
I need it!"

Is there some reason you think that setting both flags true should be disallowed?


> SSL Transport configured in wantClientAuth mode never asks for the client certificate
during the SSL Handshake
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-1659
>                 URL: https://issues.apache.org/activemq/browse/AMQ-1659
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Transport
>    Affects Versions: 4.1.1
>         Environment: I think this is for all environments, it may be JDK dependent though.
> I tested on:
> Linux  2.6.20-gentoo-r7
> java version "1.6.0"
> Java(TM) SE Runtime Environment (build 1.6.0-b105)
> Java HotSpot(TM) 64-Bit Server VM (build 1.6.0-b105, mixed mode)
>            Reporter: Eric White
>            Assignee: David Jencks
>             Fix For: 4.1.1
>
>         Attachments: amq-411-complex-version.patch, amq-411-simple-version.patch, amq-500-complex-version.patch,
amq-500-simple-version.patch
>
>   Original Estimate: 2 days
>  Remaining Estimate: 2 days
>
> See: http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setWantClientAuth(boolean)
> "
> A socket's client authentication setting is one of the following:
>     * client authentication required
>     * client authentication requested
>     * no client authentication desired 
> "
> In the API it indicates that if you call either setWantClientAuth, or setNeedClientAuth
it will override the call to the other.
> Therefor I believe the following code only allows for ActiveMQ to be in two states:
> * Client Authentication Required (needClientAuth==true)
> * No client Authentication Desired (needClientAuth==false)
> activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
> As setWantClientAuth is overridden by setNeedClientAuth.
> public void bind() throws IOException {
>   super.bind();
>   ((SSLServerSocket)this.serverSocket).setWantClientAuth(wantClientAuth);
>   ((SSLServerSocket)this.serverSocket).setNeedClientAuth(needClientAuth);
> }
> I believe this the same issue as this Jetty issue: http://jira.codehaus.org/browse/JETTY-86

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message