[jboss-jira] [JBoss JIRA] (WFLY-11657) Value validator for 'host-context-map' attribute of 'server-ssl-sni-context' resource
Jan Stourac (Jira)
issues at jboss.org
Tue Jan 29 06:57:03 EST 2019
Jan Stourac created WFLY-11657:
----------------------------------
Summary: Value validator for 'host-context-map' attribute of 'server-ssl-sni-context' resource
Key: WFLY-11657
URL: https://issues.jboss.org/browse/WFLY-11657
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 15.0.1.Final, 15.0.0.Final
Reporter: Jan Stourac
Assignee: Darran Lofthouse
There is not validation for 'host-context-map' property values on key side. There is validation for the values that represents 'server-ssl-contexts', although, there is no validation for host matching part. E.g. writing attribute of this value is possible:
{code}
/subsystem=elytron/server-ssl-sni-context=serverSslSniCtx:write-attribute(name=host-context-map,value={"\\?.example.com"=validSslContext,"..example.com"="validSslContext", "\\*\\*.example.com"=validSslContext})
{code}
{code}
"\\?.example.com"
"..example.com"
"\\*\\*.example.com"
{code}
even though, these are invalid host name matchers IMHO. It would be nice to identify these and report those to user immediately during the configuration attempt.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list