cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r932006 - in /websites/production/cxf/content: cache/docs.pageCache docs/tls-configuration.html
Date Tue, 09 Dec 2014 17:46:50 GMT
Author: buildbot
Date: Tue Dec  9 17:46:49 2014
New Revision: 932006

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/tls-configuration.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/tls-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/tls-configuration.html (original)
+++ websites/production/cxf/content/docs/tls-configuration.html Tue Dec  9 17:46:49 2014
@@ -117,11 +117,11 @@ Apache CXF -- TLS Configuration
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1415209606058 {padding: 0px;}
-div.rbtoc1415209606058 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1415209606058 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1418147187626 {padding: 0px;}
+div.rbtoc1418147187626 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1418147187626 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1415209606058">
+/*]]>*/</style></p><div class="toc-macro rbtoc1418147187626">
 <ul class="toc-indentation"><li><a shape="rect" href="#TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS
Parameters common to both Clients and Servers</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#TLSConfiguration-KeyManagers">Key
Managers</a></li><li><a shape="rect" href="#TLSConfiguration-TrustManagers">Trust
Managers</a></li><li><a shape="rect" href="#TLSConfiguration-CipherSuitesFilter">CipherSuites
Filter</a></li><li><a shape="rect" href="#TLSConfiguration-CertConstraints">Cert
Constraints</a></li></ul>
 </li><li><a shape="rect" href="#TLSConfiguration-ClientTLSParameters">Client
TLS Parameters</a>
@@ -175,7 +175,7 @@ div.rbtoc1415209606058 li {margin-left:
         ...
     &lt;/httpj:tlsServerParameters&gt;
 ]]></script>
-</div></div><h1 id="TLSConfiguration-ClientTLSParameters">Client TLS Parameters</h1><p>In
addition to the TLS Parameters common to both Clients and Servers, there are some parameters
that are <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java">specific</a>
to Clients:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Attribute</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>disableCNCheck</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Indicates whether that the hostname
given in the HTTPS URL will be checked against the service's Common Nam
 e (CN) given in its certificate during requests, and failing if there is a mismatch. If set
to <code>true</code> (<strong>not recommended for production use</strong>),
such checks will be bypassed. That will allow you, for example, to use a URL such as <code>localhost</code>
during development.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>sslSocketFactory</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>A SSLSocketFactory to use. All other
bean properties are ignored if this is set.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>sslCacheTimeout</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>86400 seconds (24 hours)</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>SSL Cache Timeout in seconds.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>useHttpsURLConnectionDefaultSslSocketFactory</
 code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This attribute specifies if <a
shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()"
rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be used
to create https connections. If '<code>true</code>', '<code>jsseProvider</code>',
'<code>secureSocketProtocol</code>', '<code>trustManagers</code>',
'<code>keyManagers</code>', '<code>secureRandom</code>', '<code>cipherSuites</code>'
and '<code>cipherSuitesFilter</code>' configuration parameters are ignored.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>useHttpsURLConnectionDefaultHostnameVerifier</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This attribute s
 pecifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()"
rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be used
to create https connections. If '<code>true</code>', '<code>disableCNCheck</code>'
configuration parameter is ignored.</p></td></tr></tbody></table></div><h2
id="TLSConfiguration-DisableCNCheck">Disable CN Check</h2><p><code>disableCNCheck</code>
is a parameterized boolean, you can use a fixed variable <code>true</code>|<code>false</code>
as well as a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer"
rel="nofollow">Spring externalized property</a> variable (e.g. <code>${disable-https-hostname-verification</code>})
or a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-frame
 work-reference/html/expressions.html#expressions-beandef" rel="nofollow">Spring expression</a>
(e.g. <code>#{systemProperties['dev-mode']</code>}).</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width:
1px;"><b>HTTP conduit configuration disabling HTTP URL hostname verification (usage
of localhost, etc)</b></div><div class="codeContent panelContent pdl">
+</div></div><h1 id="TLSConfiguration-ClientTLSParameters">Client TLS Parameters</h1><p>In
addition to the TLS Parameters common to both Clients and Servers, there are some parameters
that are <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java">specific</a>
to Clients:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Attribute</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>disableCNCheck</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Indicates whether that the hostname
given in the HTTPS URL will be checked against the service's Common Nam
 e (CN) given in its certificate during requests, and failing if there is a mismatch. If set
to <code>true</code> (<strong>not recommended for production use</strong>),
such checks will be bypassed. That will allow you, for example, to use a URL such as <code>localhost</code>
during development.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>sslSocketFactory</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>A SSLSocketFactory to use. All other
bean properties are ignored if this is set.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>sslCacheTimeout</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>86400 seconds (24 hours)</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>SSL Cache Timeout in seconds.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>useHttpsURLConnectionDefaultSslSocketFactory</
 code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This attribute specifies if <a
shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()"
rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be used
to create https connections. If '<code>true</code>', '<code>jsseProvider</code>',
'<code>secureSocketProtocol</code>', '<code>trustManagers</code>',
'<code>keyManagers</code>', '<code>secureRandom</code>', '<code>cipherSuites</code>'
and '<code>cipherSuitesFilter</code>' configuration parameters are ignored.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>useHttpsURLConnectionDefaultHostnameVerifier</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This attribute s
 pecifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()"
rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be used
to create https connections. If '<code>true</code>', '<code>disableCNCheck</code>'
configuration parameter is ignored.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">hostnameVerifier</td><td colspan="1" rowspan="1"
class="confluenceTd">&#160;</td><td colspan="1" rowspan="1" class="confluenceTd">A
custom HostnameVerifier instance to use</td></tr></tbody></table></div><h2
id="TLSConfiguration-DisableCNCheck">Disable CN Check</h2><p><code>disableCNCheck</code>
is a parameterized boolean, you can use a fixed variable <code>true</code>|<code>false</code>
as well as a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconf
 igurer" rel="nofollow">Spring externalized property</a> variable (e.g. <code>${disable-https-hostname-verification</code>})
or a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef"
rel="nofollow">Spring expression</a> (e.g. <code>#{systemProperties['dev-mode']</code>}).</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader
pdl" style="border-bottom-width: 1px;"><b>HTTP conduit configuration disabling HTTP
URL hostname verification (usage of localhost, etc)</b></div><div class="codeContent
panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
  &lt;!-- deactivate HTTPS url hostname verification (localhost, etc)    --&gt;
    &lt;!-- WARNING ! disableCNcheck=true should NOT be used in production --&gt;
    &lt;http-conf:tlsClientParameters disableCNCheck=&quot;true&quot; /&gt;



Mime
View raw message