activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric White (JIRA)" <j...@apache.org>
Subject [jira] Updated: (AMQ-1659) SSL Transport configured in wantClientAuth mode never asks for the client certificate during the SSL Handshake
Date Thu, 10 Apr 2008 12:49:59 GMT

     [ https://issues.apache.org/activemq/browse/AMQ-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Eric White updated AMQ-1659:
----------------------------

    Attachment: amq-500-complex-version.patch

This file is for ActiveMQ 5.0.0

I have NOT TESTED this on ActiveMQ 5, but the looking at the source code, I think the issue
is there.  This patch does compile.

In this version Boolean properties are used instead of just boolean. This makes it possible
to distinguish between true, false, and null.  Corresponding to the underlying properties
being set to true, false or not set at all.


> SSL Transport configured in wantClientAuth mode never asks for the client certificate
during the SSL Handshake
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-1659
>                 URL: https://issues.apache.org/activemq/browse/AMQ-1659
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Transport
>    Affects Versions: 4.1.1
>         Environment: I think this is for all environments, it may be JDK dependent though.
> I tested on:
> Linux  2.6.20-gentoo-r7
> java version "1.6.0"
> Java(TM) SE Runtime Environment (build 1.6.0-b105)
> Java HotSpot(TM) 64-Bit Server VM (build 1.6.0-b105, mixed mode)
>            Reporter: Eric White
>             Fix For: 4.1.1
>
>         Attachments: amq-411-complex-version.patch, amq-411-simple-version.patch, amq-500-complex-version.patch,
amq-500-simple-version.patch
>
>   Original Estimate: 2 days
>  Remaining Estimate: 2 days
>
> See: http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setWantClientAuth(boolean)
> "
> A socket's client authentication setting is one of the following:
>     * client authentication required
>     * client authentication requested
>     * no client authentication desired 
> "
> In the API it indicates that if you call either setWantClientAuth, or setNeedClientAuth
it will override the call to the other.
> Therefor I believe the following code only allows for ActiveMQ to be in two states:
> * Client Authentication Required (needClientAuth==true)
> * No client Authentication Desired (needClientAuth==false)
> activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
> As setWantClientAuth is overridden by setNeedClientAuth.
> public void bind() throws IOException {
>   super.bind();
>   ((SSLServerSocket)this.serverSocket).setWantClientAuth(wantClientAuth);
>   ((SSLServerSocket)this.serverSocket).setNeedClientAuth(needClientAuth);
> }
> I believe this the same issue as this Jetty issue: http://jira.codehaus.org/browse/JETTY-86

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message