[jboss-jira] [JBoss JIRA] (WFCORE-3494) CLI, infinite loop when accepting temporarily SSL certificate

Jean-Francois Denise (JIRA) issues at jboss.org
Mon Jan 8 05:33:00 EST 2018


Jean-Francois Denise created WFCORE-3494:
--------------------------------------------

             Summary: CLI, infinite loop when accepting temporarily SSL certificate
                 Key: WFCORE-3494
                 URL: https://issues.jboss.org/browse/WFCORE-3494
             Project: WildFly Core
          Issue Type: Bug
          Components: CLI
            Reporter: Jean-Francois Denise
            Assignee: Jean-Francois Denise


Scenario:
1) Accept Temporarily CERT1 CN=CA
2) Disable SSL
3) Enable SSL with new certificate CERT2, same DN CN=CA
4) Prompt user to accept CERT2. The internal certificate set's iterator returns items in this order (important): CERT2, CERT1
5) Internally create a delegate that will do the actual certificate check and add all certificates to it: theTrustStore.setCertificateEntry(current.getSubjectX500Principal().getName(), current);
6) So CERT1 and CERT2 share the same name, CERT1 overrides CERT2, and CERT2 (the certificate to add) will never be added
7) Infinite loop.

The problem comes from the fact that the DN is used as the alias. In the case of a temporarily added certificate, a unique alias should be created.

For a certificate added permanently to the trust-store, the DN is also used as the alias. In this case, the last accepted certificate is the one stored, so there is no mismatch.




--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
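
The scenario in the report, as an added Python model (not WildFly code and not part of the original message): an alias-keyed store in which a repeated alias replaces the earlier entry, which is how KeyStore.setCertificateEntry treats an existing trusted-certificate alias. The Cert type, the function names, the prompt cap and the digest-based unique alias are assumptions made for illustration; the report only says a unique alias should be created.

```python
import hashlib
from typing import NamedTuple, Optional


class Cert(NamedTuple):
    subject_dn: str  # stands in for getSubjectX500Principal().getName()
    der: bytes       # constructed placeholder for the encoded certificate


def dn_alias(cert: Cert) -> str:
    """Alias scheme from the report: the subject DN alone."""
    return cert.subject_dn


def unique_alias(cert: Cert) -> str:
    """Hypothetical fix: DN plus a digest of the encoding, unique per certificate."""
    return f"{cert.subject_dn}#{hashlib.sha256(cert.der).hexdigest()[:16]}"


def build_delegate(certs, alias_of) -> dict:
    """Step 5: fill an alias-keyed store; a repeated alias replaces the entry."""
    store = {}
    for cert in certs:
        store[alias_of(cert)] = cert
    return store


def prompts_until_trusted(server_cert, temp_certs, alias_of,
                          max_prompts=5) -> Optional[int]:
    """Count accept prompts until server_cert is trusted; None if it never is."""
    accepted = list(temp_certs)
    for prompt in range(1, max_prompts + 1):
        if server_cert not in accepted:
            accepted.insert(0, server_cert)  # step 4 order: new certificate first
        if server_cert in build_delegate(accepted, alias_of).values():
            return prompt
    return None  # the CLI in the report has no cap: this is the infinite loop


# Constructed sample data: two different certificates with the same DN.
CERT1 = Cert("CN=CA", b"constructed-cert-1")
CERT2 = Cert("CN=CA", b"constructed-cert-2")

if __name__ == "__main__":
    print("DN alias:    ", prompts_until_trusted(CERT2, [CERT1], dn_alias))
    print("unique alias:", prompts_until_trusted(CERT2, [CERT1], unique_alias))
```

With the DN as alias the delegate ends up holding only CERT1, so accepting CERT2 never makes it trusted; with a per-certificate alias both entries coexist and one prompt is enough.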