[Red Hat JIRA] (ELY-2057) No acceptedIssuers is sent when CRLs are configured
by Sonia Zaldana (Jira)
[ https://issues.redhat.com/browse/ELY-2057?page=com.atlassian.jira.plugin.... ]
Sonia Zaldana updated ELY-2057:
-------------------------------
Steps to Reproduce:
Configure a trust-amanger like this :
{code:java}
<trust-manager name="MyTrustManager" key-store="MyTrustStore" >
<certificate-revocation-list path="/opt/jboss/wildfly/standalone/configuration/my_crl.pem" />
</trust-manager>{code}
issue an openssl s_client -connect <host:port>
Result is something like that => *No client certificate CA names sent*
{code:java}
---
No client certificate CA names sent
Client Certificate Types: ECDSA sign, RSA sign, DSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---{code}
If you comment CRL
{code:java}
<!--
<certificate-revocation-list path="/opt/jboss/wildfly/standalone/configuration/my_crl.pem" />
-->
{code}
Then everything is working fine
> No acceptedIssuers is sent when CRLs are configured
> ---------------------------------------------------
>
> Key: ELY-2057
> URL: https://issues.redhat.com/browse/ELY-2057
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Sonia Zaldana
> Assignee: Sonia Zaldana
> Priority: Major
>
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 7 months
[Red Hat JIRA] (ELY-2057) No acceptedIssuers is sent when CRLs are configured
by Sonia Zaldana (Jira)
[ https://issues.redhat.com/browse/ELY-2057?page=com.atlassian.jira.plugin.... ]
Sonia Zaldana updated ELY-2057:
-------------------------------
Description:
Configure a trust-amanger like this :
{code:java}
<trust-manager name="MyTrustManager" key-store="MyTrustStore" >
<certificate-revocation-list path="/opt/jboss/wildfly/standalone/configuration/my_crl.pem" />
</trust-manager>{code}
issue an openssl s_client -connect <host:port>
Result is something like that => *No client certificate CA names sent*
{code:java}
---
No client certificate CA names sent
Client Certificate Types: ECDSA sign, RSA sign, DSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---{code}
If you comment CRL
{code:java}
<!--
<certificate-revocation-list path="/opt/jboss/wildfly/standalone/configuration/my_crl.pem" />
-->
{code}
Then everything is working fine
> No acceptedIssuers is sent when CRLs are configured
> ---------------------------------------------------
>
> Key: ELY-2057
> URL: https://issues.redhat.com/browse/ELY-2057
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Sonia Zaldana
> Assignee: Sonia Zaldana
> Priority: Major
>
> Configure a trust-amanger like this :
> {code:java}
> <trust-manager name="MyTrustManager" key-store="MyTrustStore" >
> <certificate-revocation-list path="/opt/jboss/wildfly/standalone/configuration/my_crl.pem" />
> </trust-manager>{code}
> issue an openssl s_client -connect <host:port>
> Result is something like that => *No client certificate CA names sent*
> {code:java}
> ---
> No client certificate CA names sent
> Client Certificate Types: ECDSA sign, RSA sign, DSA sign
> Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
> Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
> Peer signing digest: SHA256
> Peer signature type: RSA
> Server Temp Key: ECDH, P-256, 256 bits
> ---{code}
> If you comment CRL
> {code:java}
> <!--
> <certificate-revocation-list path="/opt/jboss/wildfly/standalone/configuration/my_crl.pem" />
> -->
> {code}
> Then everything is working fine
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 7 months
[Red Hat JIRA] (ELY-2057) No acceptedIssuers is sent when CRLs are configured
by Sonia Zaldana (Jira)
[ https://issues.redhat.com/browse/ELY-2057?page=com.atlassian.jira.plugin.... ]
Sonia Zaldana updated ELY-2057:
-------------------------------
Description: (was: Configure a trust-amanger like this :
{code:java}
<trust-manager name="MyTrustManager" key-store="MyTrustStore" >
<certificate-revocation-list path="/opt/jboss/wildfly/standalone/configuration/my_crl.pem" />
</trust-manager>{code}
issue an openssl s_client -connect <host:port>
Result is something like that => *No client certificate CA names sent*
{code:java}
---
No client certificate CA names sent
Client Certificate Types: ECDSA sign, RSA sign, DSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---{code}
If you comment CRL
{code:java}
<!--
<certificate-revocation-list path="/opt/jboss/wildfly/standalone/configuration/my_crl.pem" />
-->
{code}
Then everything is working fine)
> No acceptedIssuers is sent when CRLs are configured
> ---------------------------------------------------
>
> Key: ELY-2057
> URL: https://issues.redhat.com/browse/ELY-2057
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Sonia Zaldana
> Assignee: Sonia Zaldana
> Priority: Major
>
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 7 months
[Red Hat JIRA] (ELY-2057) No acceptedIssuers is sent when CRLs are configured
by Sonia Zaldana (Jira)
[ https://issues.redhat.com/browse/ELY-2057?page=com.atlassian.jira.plugin.... ]
Sonia Zaldana updated ELY-2057:
-------------------------------
Description:
When CRLs are configured there're no client certificate CA names sent for a tls 2 way connexion.
Method setAcceptedIssuers of X509RevocationTrustManager builder is never called, so acceptedIssuers is always empty.
> No acceptedIssuers is sent when CRLs are configured
> ---------------------------------------------------
>
> Key: ELY-2057
> URL: https://issues.redhat.com/browse/ELY-2057
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Sonia Zaldana
> Assignee: Sonia Zaldana
> Priority: Major
>
> When CRLs are configured there're no client certificate CA names sent for a tls 2 way connexion.
> Method setAcceptedIssuers of X509RevocationTrustManager builder is never called, so acceptedIssuers is always empty.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 7 months
[Red Hat JIRA] (WFCORE-5228) No acceptedIssuers is sent when CRLs are configured
by Sonia Zaldana (Jira)
Sonia Zaldana created WFCORE-5228:
-------------------------------------
Summary: No acceptedIssuers is sent when CRLs are configured
Key: WFCORE-5228
URL: https://issues.redhat.com/browse/WFCORE-5228
Project: WildFly Core
Issue Type: Bug
Reporter: Sonia Zaldana
Assignee: Sonia Zaldana
When CRLs are configured there're no client certificate CA names sent for a tls 2 way connexion.
Method setAcceptedIssuers of X509RevocationTrustManager builder is never called, so acceptedIssuers is always empty.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 7 months