[JBoss JIRA] (TEIID-4081) SSL - server accepts any client certificate - teiid-issues

Friday, 3 June 2016

     [
https://issues.jboss.org/browse/TEIID-4081?page=com.atlassian.jira.plugin...
]

Steven Hawkins closed TEIID-4081.
---------------------------------

...
 SSL - server accepts any client certificate
 -------------------------------------------

                 Key: TEIID-4081
                 URL: https://issues.jboss.org/browse/TEIID-4081
             Project: Teiid
          Issue Type: Bug
    Affects Versions: 8.12.5
            Reporter: Juraj Duráni
            Assignee: Steven Hawkins
            Priority: Blocker
         Attachments: keystore_client_expired.jks, keystore_client_root_expired.jks,
keystore_client_untrusted.jks, keystore_server.jks, truststore.jks,
truststore_expired.jks

 In 2-way authentication mode client must provide to the server valid certificate. But
Teiid accepts any certificate which client provides.
 * expired
 * untrusted
 * signed by certificate of root CA which already expired
 Teiid should reject such client's certificate and fail to establish connection.
 On the client side, paths are set using teiid-specific properties:
 {code:java}
 System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath);
 System.setProperty("org.teiid.ssl.keyStorePassword",
"keystorepswd");
 System.setProperty("org.teiid.ssl.keyAlias", "client");
 System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd");
 System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath);
 System.setProperty("org.teiid.ssl.trustStorePassword",
"truststorepswd");
 {code} 

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[JBoss JIRA] (TEIID-4081) SSL - server accepts any client certificate