[teiid-issues] [JBoss JIRA] (TEIID-4081) SSL - server accepts any client certificate

Juraj Duráni (JIRA) issues at jboss.org
Wed Mar 16 04:28:00 EDT 2016 

     [ https://issues.jboss.org/browse/TEIID-4081?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Juraj Duráni updated TEIID-4081:
--------------------------------
    Description: 
In 2-way authentication mode client must provide to the server valid certificate. But Teiid accepts any certificate which client provides.
* expired
* untrusted
* signed by certificate of root CA which already expired

Teiid should reject such client's certificate and fail to establish connection.

On the client side, paths are set using teiid-specific properties:
{code:java}
System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath);
        System.setProperty("org.teiid.ssl.keyStorePassword", "keystorepswd");
        System.setProperty("org.teiid.ssl.keyAlias", "client");
        System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd");
        System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath);
        System.setProperty("org.teiid.ssl.trustStorePassword", "truststorepswd");
{code}

  was:
In 2-way authentication mode client must provide to the server valid certificate. But Teiid accepts any certificate which client provides.
* expired
* untrusted
* signed by certificate of root CA which already expired

Teiid should reject such client's certificate and fail to establish connection.



> SSL - server accepts any client certificate
> -------------------------------------------
>
>                 Key: TEIID-4081
>                 URL: https://issues.jboss.org/browse/TEIID-4081
>             Project: Teiid
>          Issue Type: Bug
>    Affects Versions: 8.12.5
>            Reporter: Juraj Duráni
>            Assignee: Steven Hawkins
>            Priority: Blocker
>         Attachments: keystore_client_expired.jks, keystore_client_root_expired.jks, keystore_client_untrusted.jks, keystore_server.jks, truststore.jks, truststore_expired.jks
>
>
> In 2-way authentication mode client must provide to the server valid certificate. But Teiid accepts any certificate which client provides.
> * expired
> * untrusted
> * signed by certificate of root CA which already expired
> Teiid should reject such client's certificate and fail to establish connection.
> On the client side, paths are set using teiid-specific properties:
> {code:java}
> System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath);
>         System.setProperty("org.teiid.ssl.keyStorePassword", "keystorepswd");
>         System.setProperty("org.teiid.ssl.keyAlias", "client");
>         System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd");
>         System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath);
>         System.setProperty("org.teiid.ssl.trustStorePassword", "truststorepswd");
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the teiid-issues mailing list