cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ff...@apache.org
Subject [cxf] branch master updated: [CXF-7981]mutual SSL configuration for http-undertow transport not handle want and required for clientAuthentication correctly
Date Mon, 25 Feb 2019 06:50:10 GMT
This is an automated email from the ASF dual-hosted git repository.

ffang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new 6036059  [CXF-7981]mutual SSL configuration for http-undertow transport not handle
want and required for clientAuthentication correctly
6036059 is described below

commit 603605933a481aa4f0fe6e29e6607e42769a6d0f
Author: Freeman Fang <freeman.fang@gmail.com>
AuthorDate: Mon Feb 25 14:49:52 2019 +0800

    [CXF-7981]mutual SSL configuration for http-undertow transport not handle want and required
for clientAuthentication correctly
---
 .../apache/cxf/transport/http_undertow/UndertowHTTPServerEngine.java   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rt/transports/http-undertow/src/main/java/org/apache/cxf/transport/http_undertow/UndertowHTTPServerEngine.java
b/rt/transports/http-undertow/src/main/java/org/apache/cxf/transport/http_undertow/UndertowHTTPServerEngine.java
index 8ab8fd9..856b8c2 100644
--- a/rt/transports/http-undertow/src/main/java/org/apache/cxf/transport/http_undertow/UndertowHTTPServerEngine.java
+++ b/rt/transports/http-undertow/src/main/java/org/apache/cxf/transport/http_undertow/UndertowHTTPServerEngine.java
@@ -279,7 +279,8 @@ public class UndertowHTTPServerEngine implements ServerEngine {
             builder = builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE, SslClientAuthMode.REQUIRED);
         }
         if (this.tlsServerParameters != null && this.tlsServerParameters.getClientAuthentication()
!= null
-            && this.tlsServerParameters.getClientAuthentication().isWant()) {
+            && this.tlsServerParameters.getClientAuthentication().isWant()
+            && !this.tlsServerParameters.getClientAuthentication().isRequired())
{
             builder = builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE, SslClientAuthMode.REQUESTED);
         }
         return builder;


Mime
View raw message