cxf-issues mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-6944) cacerts is loaded while different truststore is specified
Date Mon, 20 Jun 2016 15:09:05 GMT

    [ https://issues.apache.org/jira/browse/CXF-6944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15339668#comment-15339668 ]

Colm O hEigeartaigh commented on CXF-6944:
------------------------------------------

Ok thanks. I've looked into it and the SSL logs are a bit misleading. CXF obtains an HttpURLConnection
object via url.openConnection(). This is subsequently "decorated" with the TLS settings. However,
by the time openConnection() is called, the SSL context is not set up. That is why you see
the default CA certs being listed - this occurs on openConnection(). However, openConnection()
does not actually set up the network connection - by the time the connect is done, the correct
truststore settings have been plugged in.

Colm.

> cacerts is loaded while different truststore is specified
> ---------------------------------------------------------
>
>                 Key: CXF-6944
>                 URL: https://issues.apache.org/jira/browse/CXF-6944
>             Project: CXF
>          Issue Type: Improvement
>          Components: Transports
>    Affects Versions: 2.7.18
>            Reporter: David Tarr
>            Priority: Minor
>
> It seems cxf still loads the cacerts even though a different truststore is specified (programmatically - not via cxf.xml). Could this potentially lead to a security risk?
> When I move the trusted key from the different truststore to cacerts, the server is not trusted and the handshake fails. But I have not investigated any further.
> {noformat}
> 2016-06-17 13:45:21,213 INFO  [main] spring.BusApplicationContext  - Loaded configuration file cxf.xml.
> 2016-06-17 13:45:21,213 INFO  [main] spring.ControlledValidationXmlBeanDefinitionReader  - Loading XML bean definitions from class path resource [META-INF/cxf/cxf.xml]
> 2016-06-17 13:45:21,322 INFO  [main] spring.ControlledValidationXmlBeanDefinitionReader  - Loading XML bean definitions from class path resource [cxf.xml]
> 2016-06-17 13:45:21,793 INFO  [main] factory.ReflectionServiceFactoryBean  - Creating Service {http://www........com/.........}.... from class .............
> keyStore is : 
> keyStore type is : jks
> keyStore provider is : 
> init keystore
> init keymanager of type SunX509
> trustStore is: C:\Java\jdk1.7.0_79\jre\lib\security\cacerts
> trustStore type is : jks
> trustStore provider is : 
> init truststore
> ...
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
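
The sequence described in the comment above, reduced to the plain JDK API as an added example (not CXF code and not part of the original message). The class name, the empty in-memory truststore and the `example.invalid` host are constructed for illustration; run it with `-Djavax.net.debug=ssl` to compare the debug output with what the two checks print.

```java
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TruststoreCheck {
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for an application truststore: an empty in-memory
        // keystore that trusts no CA. A real one would be loaded from a file.
        KeyStore custom = KeyStore.getInstance(KeyStore.getDefaultType());
        custom.load(null, null);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(custom);
        TrustManager[] tms = tmf.getTrustManagers();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tms, null);
        SSLSocketFactory customFactory = ctx.getSocketFactory();

        // openConnection() only builds the connection object; no socket is opened.
        // At this point the object still carries the JVM default socket factory.
        URL url = new URL("https://example.invalid/"); // placeholder host, never contacted
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        SSLSocketFactory atOpen = conn.getSSLSocketFactory();

        // "Decorate" the connection with the TLS settings before any connect().
        conn.setSSLSocketFactory(customFactory);

        System.out.println("default factory at openConnection(): "
            + (atOpen == HttpsURLConnection.getDefaultSSLSocketFactory()));
        System.out.println("custom factory in place before connect(): "
            + (conn.getSSLSocketFactory() == customFactory));
        // Count the CAs the custom context would accept during a handshake.
        for (TrustManager tm : tms) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] issuers = ((X509TrustManager) tm).getAcceptedIssuers();
                System.out.println("CAs trusted by custom context: " + issuers.length);
            }
        }
    }
}
```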
