Message-ID: <112324809.1207819003470.JavaMail.jira@brutus>
Date: Thu, 10 Apr 2008 02:16:43 -0700 (PDT)
From: "Eric White (JIRA)"
To: dev@activemq.apache.org
Subject: [jira] Created: (AMQ-1659) SSL Transport configured in wantClientAuth mode never asks for the client certificate during the SSL Handshake

SSL Transport configured in wantClientAuth mode never asks for the client certificate during the SSL Handshake
--------------------------------------------------------------------------------------------------------------

                 Key: AMQ-1659
                 URL: https://issues.apache.org/activemq/browse/AMQ-1659
             Project: ActiveMQ
          Issue Type: Bug
          Components: Transport
    Affects Versions: 4.1.1
         Environment: I think this is for all environments, it may be JDK dependent though.
                      I tested on:
                      Linux 2.6.20-gentoo-r7
                      java version "1.6.0"
                      Java(TM) SE Runtime Environment (build 1.6.0-b105)
                      Java HotSpot(TM) 64-Bit Server VM (build 1.6.0-b105, mixed mode)
            Reporter: Eric White
             Fix For: 4.1.1

See: http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setWantClientAuth(boolean)

"
A socket's client authentication setting is one of the following:

    * client authentication required
    * client authentication requested
    * no client authentication desired
"

In the API it indicates that if you call either setWantClientAuth or setNeedClientAuth, it will override the call to the other. Therefore I believe the following code only allows for ActiveMQ to be in two states:

    * Client Authentication Required (needClientAuth==true)
    * No client Authentication Desired (needClientAuth==false)

activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java

As setWantClientAuth is overridden by setNeedClientAuth.

    public void bind() throws IOException {
        super.bind();
        ((SSLServerSocket)this.serverSocket).setWantClientAuth(wantClientAuth);
        ((SSLServerSocket)this.serverSocket).setNeedClientAuth(needClientAuth);
    }

I believe this is the same issue as this Jetty issue:
http://jira.codehaus.org/browse/JETTY-86

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.