incubator-wave-dev mailing list archives

From "Yuri Zelikov" <vega...@gmail.com>
Subject Re: Review Request: SSL Client Authentication
Date Sat, 05 May 2012 16:34:15 GMT


> On 2012-05-04 13:36:45, Yuri Zelikov wrote:
> > I am still trying to figure out how to test this patch. I requested a free certificate from startssl.com but still waiting for email from them.
> 
> Ali Lown wrote:
>     Why not just issue the certificates yourself as a pretend CA for the sake of testing this? You need to add the CA certificates to the key store either way...

Hmm, OK. I'll try, thanks.


- Yuri


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4994/#review7554
-----------------------------------------------------------


On 2012-05-03 18:04:29, Ali Lown wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/4994/
> -----------------------------------------------------------
> 
> (Updated 2012-05-03 18:04:29)
> 
> 
> Review request for wave, Michael MacFadden, Yuri Zelikov, and vjrj.
> 
> 
> Summary
> -------
> 
> Adds ability to login with X.509 client certificates instead of a username and password.
> Relies on the wave userid being the same as the username of the email for the domain listed in the certificate.
> 
> Patch adds 3 new config values:
> ENABLE_CLIENTAUTH - fairly explanatory
> CLIENTAUTH_CERT_DOMAIN - required if enabled. Allows the domain the certificate was issued for to differ (e.g. subdomain) from the wave server
> DISABLE_LOGINPAGE - allows password-based authentication to be disabled forcing the use of client certificates only.
> 
> Patch is a compilation between myself and Thomas Leonard (tal@it-innovation.soton.ac.uk).
> The patch is a tidied and rebased version of the original patches from the mailing list/github from February.
> 
> Known issue:
> _Sometimes_ it has been observed that after a session has expired, the login screen is presented without the user being automatically logged in. Entering a username and hitting enter then uses the certificate and the user is logged in. Reproducing this bug locally has been impossible. (Someone else can try to narrow down the cause if they want :) )
> 
> 
> Diffs
> -----
> 
>   /README 1332795 
>   /server-config.xml 1332795 
>   /server.config.example 1332795 
>   /src/org/waveprotocol/box/server/CoreSettings.java 1332795 
>   /src/org/waveprotocol/box/server/gxp/AuthenticationPage.gxp 1332795 
>   /src/org/waveprotocol/box/server/rpc/AuthenticationServlet.java 1332795 
>   /src/org/waveprotocol/box/server/rpc/ServerRpcProvider.java 1332795 
> 
> Diff: https://reviews.apache.org/r/4994/diff
> 
> 
> Testing
> -------
> 
> Compiled and run locally without issue.
> Been deployed to my server and client certificates were issued for all users. Has been operating fine since February.
> 
> 
> Thanks,
> 
> Ali
> 
>
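
The self-issued test CA suggested in the thread, as an added example that is not part of the original messages or of the patch: it creates a throwaway CA, signs one client certificate whose e-mail address carries the user name, and checks the chain. The subject names, file names, the `changeit` password and the truststore placeholder are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: throwaway CA plus one client certificate for testing
# certificate login on a test box. All names and passwords are constructed.
set -eu

# make_test_pki DIR EMAIL: writes ca.crt, client.crt and client.p12 into DIR
make_test_pki() {
  pki_dir=$1; pki_email=$2
  mkdir -p "$pki_dir"
  # 1. Self-signed test CA, short lifetime, never to be trusted outside testing.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Wave Test CA" \
    -keyout "$pki_dir/ca.key" -out "$pki_dir/ca.crt" 2>/dev/null
  # 2. Client key and CSR; the part before '@' is the intended user name.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=${pki_email%%@*}/emailAddress=$pki_email" \
    -keyout "$pki_dir/client.key" -out "$pki_dir/client.csr" 2>/dev/null
  # 3. The test CA signs the CSR.
  openssl x509 -req -in "$pki_dir/client.csr" -days 30 \
    -CA "$pki_dir/ca.crt" -CAkey "$pki_dir/ca.key" -CAcreateserial \
    -out "$pki_dir/client.crt" 2>/dev/null
  # 4. PKCS#12 bundle that a browser can import as a client identity.
  openssl pkcs12 -export -in "$pki_dir/client.crt" -inkey "$pki_dir/client.key" \
    -certfile "$pki_dir/ca.crt" -passout pass:changeit -out "$pki_dir/client.p12"
}

# cert_email CERT: prints the e-mail address found in the certificate
cert_email() { openssl x509 -in "$1" -noout -email; }

# chain_ok CA CERT: succeeds only if CERT was signed by CA
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Demo run with a constructed address.
demo_dir=$(mktemp -d)
make_test_pki "$demo_dir" alice@example.com
chain_ok "$demo_dir/ca.crt" "$demo_dir/client.crt" && cert_email "$demo_dir/client.crt"

# The server must also trust the test CA ("add the CA certificates to the
# key store"). The keystore path is a placeholder, not taken from the patch:
#   keytool -importcert -alias wave-test-ca -file ca.crt -keystore <server-truststore>
```

Remove the test CA from the server key store once testing is finished, since any certificate it signs would be accepted for login.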

