[jboss-jira] [JBoss JIRA] (WFLY-2810) HTTPS undertow listener request client certificate despite verify-client=NOT_REQUESTED
Stuart Douglas (JIRA)
issues at jboss.org
Thu Feb 13 21:47:28 EST 2014
[ https://issues.jboss.org/browse/WFLY-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stuart Douglas resolved WFLY-2810.
----------------------------------
Fix Version/s: 8.0.0.Final
Resolution: Done
> HTTPS undertow listener request client certificate despite verify-client=NOT_REQUESTED
> --------------------------------------------------------------------------------------
>
> Key: WFLY-2810
> URL: https://issues.jboss.org/browse/WFLY-2810
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web (Undertow)
> Affects Versions: 8.0.0.CR1
> Reporter: Filip Bogyai
> Assignee: Stuart Douglas
> Priority: Minor
> Fix For: 8.0.0.Final
>
>
> HTTPS undertow listener has 3 options for verify-client parameter: NOT_REQUESTED (Default), REQUESTED, REQUIRED. If it is set to NOT_REQUESTED (the default), it should not require a certificate chain unless the client requests a resource protected by a security constraint that uses CLIENT-CERT authentication. But when I tried to access unsecured resource as first, it requested certificate. (It behaves same as verify-client is set to REQUESTED)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list