[teiid-issues] [JBoss JIRA] (TEIID-4081) SSL - server accepts any client certificate

SSL - server accepts any client certificate ------------------------------------------- Key: TEIID-4081 URL: https://issues.jboss.org/browse/TEIID-4081 Project: Teiid Issue Type: Bug Affects Versions: 8.12.5 Reporter: Juraj Duráni Assignee: Steven Hawkins Priority: Blocker Attachments: keystore_client_expired.jks, keystore_client_root_expired.jks, keystore_client_untrusted.jks, keystore_server.jks, truststore.jks, truststore_expired.jks In 2-way authentication mode client must provide to the server valid certificate. But Teiid accepts any certificate which client provides. * expired * untrusted * signed by certificate of root CA which already expired Teiid should reject such client's certificate and fail to establish connection. On the client side, paths are set using teiid-specific properties: {code:java} System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath); System.setProperty("org.teiid.ssl.keyStorePassword", "keystorepswd"); System.setProperty("org.teiid.ssl.keyAlias", "client"); System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd"); System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath); System.setProperty("org.teiid.ssl.trustStorePassword", "truststorepswd"); {code}