[teiid-issues] [JBoss JIRA] (TEIID-4081) SSL - server accepts any client certificate
Juraj Duráni (JIRA)
issues at jboss.org
Wed Mar 16 10:42:00 EDT 2016
[ https://issues.jboss.org/browse/TEIID-4081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13177894#comment-13177894 ]
Juraj Duráni commented on TEIID-4081:
-------------------------------------
You are right. I noticed that if TeiidDriver loads client's certificate it will use the certificate regardless system properties are changed or not.
I updated test suite for SSL so every test uses its own ClassLoader to load TeiidDriver class.
Anyway. Is this required behavior?
{code:java}
// set system properties "org.teiid.ssl.*" - keystore1
Connection con = TeiidDriver.getInstance().connect(...);
...
con.close();
// change system properties "org.teiid.ssl.*" - keystore2
Connection con = TeiidDriver.getInstance().connect(...); // this will use certificates from keystore1
{code}
> SSL - server accepts any client certificate
> -------------------------------------------
>
> Key: TEIID-4081
> URL: https://issues.jboss.org/browse/TEIID-4081
> Project: Teiid
> Issue Type: Bug
> Affects Versions: 8.12.5
> Reporter: Juraj Duráni
> Assignee: Steven Hawkins
> Priority: Blocker
> Attachments: keystore_client_expired.jks, keystore_client_root_expired.jks, keystore_client_untrusted.jks, keystore_server.jks, truststore.jks, truststore_expired.jks
>
>
> In 2-way authentication mode client must provide to the server valid certificate. But Teiid accepts any certificate which client provides.
> * expired
> * untrusted
> * signed by certificate of root CA which already expired
> Teiid should reject such client's certificate and fail to establish connection.
> On the client side, paths are set using teiid-specific properties:
> {code:java}
> System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath);
> System.setProperty("org.teiid.ssl.keyStorePassword", "keystorepswd");
> System.setProperty("org.teiid.ssl.keyAlias", "client");
> System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd");
> System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath);
> System.setProperty("org.teiid.ssl.trustStorePassword", "truststorepswd");
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the teiid-issues
mailing list