[jboss-jira] [JBoss JIRA] (ELY-1218) Elytron sasl-mechanism-selector token #MUTUAL incorrectly requires SSL context
Farah Juma (JIRA)
issues at jboss.org
Mon Jun 5 14:26:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Farah Juma reassigned ELY-1218:
-------------------------------
Assignee: Farah Juma (was: Darran Lofthouse)
> Elytron sasl-mechanism-selector token #MUTUAL incorrectly requires SSL context
> ------------------------------------------------------------------------------
>
> Key: ELY-1218
> URL: https://issues.jboss.org/browse/ELY-1218
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta47
> Reporter: Ondrej Lukas
> Assignee: Farah Juma
> Priority: Critical
>
> Token #MUTUAL should work as follow:
> _{{#MUTUAL}} - matches all mechanisms which authenticate the server in some way (this might just mean, making the server prove that the server knows the password); currently matches {{#FAMILY(SCRAM)}} and {{#FAMILY(GS2)}} but may be adjusted in the future as new mechanisms are available._ [1]
> However it also incorrectly requires SSL context to be used, in {{SaslMechanismPredicate.MUTUAL}} [2] see:
> {code}
> boolean test(final String mechName, final SSLSession sslSession) {
> return sslSession != null && SaslMechanismInformation.MUTUAL.test(mechName);
> }
> {code}
> SSL context should not be required for {{#FAMILY(SCRAM)}} or {{#FAMILY(GS2)}}.
> [1] https://issues.jboss.org/browse/EAP7-567?focusedCommentId=13408238&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13408238
> [2] https://github.com/wildfly-security/wildfly-elytron/blob/03e583dd476dbbdf05e3c852d34e191f181038aa/src/main/java/org/wildfly/security/sasl/SaslMechanismPredicate.java#L185
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list