[jboss-jira] [JBoss JIRA] (ELY-1271) Elytron server-ssl-context should not use default value when referenced security-domain cannot be used
Ondrej Lukas (JIRA)
issues at jboss.org
Thu Jun 29 05:52:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1271?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ondrej Lukas updated ELY-1271:
------------------------------
Affects Version/s: 1.1.0.Beta52
> Elytron server-ssl-context should not use default value when referenced security-domain cannot be used
> ------------------------------------------------------------------------------------------------------
>
> Key: ELY-1271
> URL: https://issues.jboss.org/browse/ELY-1271
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta52
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
>
> When {{security-domain}} from {{server-ssl-context}} cannot verify {{X509PeerCertificateChainEvidence}} then {{server-ssl-context}} should rather fail then use some default for {{X509TrustManager}} in [1]. It causes that misconfiguration in security domain is masked.
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/656354343e7e28fdee47ab58a03c1cf7042abd55/src/main/java/org/wildfly/security/ssl/SSLContextBuilder.java#L341
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list