[infinispan-issues] [JBoss JIRA] (ISPN-4313) If Hotrod Server encryption's require-ssl-client-auth is set to true, <truststore .. /> existence must be checked
Vijay Bhaskar Chintalapati (JIRA)
issues at jboss.org
Thu May 22 17:38:56 EDT 2014
[ https://issues.jboss.org/browse/ISPN-4313?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vijay Bhaskar Chintalapati updated ISPN-4313:
---------------------------------------------
Description:
Currently the Infinispan Server can be configured with SSL encryption such that it requires the client to authenticate itself to the server for the purposes of encryption. This can be done by setting the attribute require-ssl-client-auth="true" as shown below.
<hotrod-connector socket-binding="hotrod" cache-container="security">
....
<encryption security-realm="ApplicationRealm" require-ssl-client-auth="true"/>
....
</hotrod-connector>
But when that attribute is set to "true", a check should be enforced to verify that the <truststore .. /> element exists in the security-realm's <authentication>.
If the check on the configuration fails, the server should throw an error on bootup rather than fail when client connections start to come in.
Currently, when require-ssl-client-auth="true" and there is no <truststore../> configured, client connections fail and the exception below is thrown at the server:
javax.net.ssl.SSLHandshakeException: null cert chain
was:
Currently the Infinispan Server can be configured with SSL encryption such that it requires the client to authenticate itself to the server for the purposes of encryption. This can be done by setting the attribute require-ssl-client-auth="true" as shown below.
<hotrod-connector socket-binding="hotrod" cache-container="security">
....
<encryption security-realm="ApplicationRealm" require-ssl-client-auth="true"/>
....
</hotrod-connector>
But when that attribute is set to "true", a check should be enforced to verify that the <truststore .. /> element exists in the security-realm's <authentication>.
If the check on the configuration fails, the server should throw an error on bootup rather than fail when client connections start to come in.
> If Hotrod Server encryption's require-ssl-client-auth is set to true, <truststore .. /> existence must be checked
> -----------------------------------------------------------------------------------------------------------------
>
> Key: ISPN-4313
> URL: https://issues.jboss.org/browse/ISPN-4313
> Project: Infinispan
> Issue Type: Bug
> Components: Configuration, Security
> Affects Versions: 7.0.0.Alpha4
> Reporter: Vijay Bhaskar Chintalapati
> Assignee: Dan Berindei
> Priority: Critical
>
> Currently the Infinispan Server can be configured with SSL encryption such that it requires the client to authenticate itself to the server for the purposes of encryption. This can be done by setting the attribute require-ssl-client-auth="true" as shown below.
> <hotrod-connector socket-binding="hotrod" cache-container="security">
> ....
> <encryption security-realm="ApplicationRealm" require-ssl-client-auth="true"/>
> ....
> </hotrod-connector>
> But when that attribute is set to "true", a check should be enforced to verify that the <truststore .. /> element exists in the security-realm's <authentication>.
> If the check on the configuration fails, the server should throw an error on bootup rather than fail when client connections start to come in.
> Currently, when require-ssl-client-auth="true" and there is no <truststore../> configured, client connections fail and the exception below is thrown at the server:
> javax.net.ssl.SSLHandshakeException: null cert chain
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
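
The check requested in this issue can also be run as a pre-deployment lint until the server enforces it at boot. The following is an added example, not part of the original message and not Infinispan code; the function names, the sample document's nesting and the truststore "path" attribute are assumptions, and elements are matched by local name so namespaced server configurations are covered.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real server file; the nesting around the page's
# elements and the truststore "path" attribute are assumptions.
SAMPLE = """<server>
  <security-realm name="ApplicationRealm">
    <authentication>{truststore}</authentication>
  </security-realm>
  <hotrod-connector socket-binding="hotrod" cache-container="security">
    <encryption security-realm="ApplicationRealm" require-ssl-client-auth="true"/>
  </hotrod-connector>
</server>"""


def find_all(root, name):
    # Match on local name so namespaced configurations are handled too.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def check_client_auth(xml_text):
    """Return configuration errors; an empty list means the check passed."""
    root = ET.fromstring(xml_text)
    realms = {r.get("name"): r for r in find_all(root, "security-realm")}
    errors = []
    for conn in find_all(root, "hotrod-connector"):
        for enc in find_all(conn, "encryption"):
            if enc.get("require-ssl-client-auth", "false").lower() != "true":
                continue
            name = enc.get("security-realm")
            realm = realms.get(name)
            if realm is None:
                errors.append(f"security realm {name!r} is not defined")
            elif not any(find_all(auth, "truststore")
                         for auth in find_all(realm, "authentication")):
                errors.append(f"security realm {name!r}: require-ssl-client-auth"
                              " is true but <authentication> has no <truststore>")
    return errors


if __name__ == "__main__":
    for ts in ('<truststore path="trust.jks"/>', ""):
        print(check_client_auth(SAMPLE.format(truststore=ts)) or "OK")
```

A non-empty result is the condition that should stop startup, instead of surfacing later as "null cert chain" on the first client handshake.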