[
https://issues.apache.org/jira/browse/AXIS2C-1550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Lazarski resolved AXIS2C-1550.
-------------------------------------
Fix Version/s: 2.0.0
(was: 1.7.0)
Resolution: Fixed
The libcurl transport now properly supports SSL client certificate
authentication by setting:
- CURLOPT_CAINFO for SERVER_CERT (CA certificate)
- CURLOPT_SSLCERT/CURLOPT_SSLKEY for KEY_FILE (client certificate)
- CURLOPT_KEYPASSWD for SSL_PASSPHRASE (private key passphrase)
> HTTPS using axis2c.xml or embedded axis2 lib does not work with SSL
> authentication?
> -----------------------------------------------------------------------------------
>
> Key: AXIS2C-1550
> URL: https://issues.apache.org/jira/browse/AXIS2C-1550
> Project: Axis2-C
> Issue Type: Bug
> Reporter: Kevin H
> Priority: Major
> Fix For: 2.0.0
>
>
> Hi all,
> I have followed this instruction here to set up an https request (client) to
> a server but encountered error. I am not sure why. Basically i found that the
> changes to axis2.xml is needed while the changes to the C codes doesnt make
> any effect. However, the changes to axis2.xml still does not get me thru the
> SSL authentication.
> The instruction is here:
> http://people.apache.org/~dumindu/docs/HowToConfigureSSL.html
> I basically have the CA cert, the key, and the client cert in 3 different
> files. The instruction said i needed to "cat" the client cert and the key to
> 1 same file, which i did.
> On another attempt, I did manage to write my own client codes (using libcurl)
> with these credentials which connects OK to the server. But somehow the
> axis2c client service does not work.
> In details, the changes i made are these:
> In axis2c.xml:
> Enable https both in receiver and sender:
> <transportReceiver name="https" class="axis2_http_receiver">
> <parameter name="port" locked="false">6060</parameter>
> <parameter name="exposeHeaders" locked="true">false</parameter>
> </transportReceiver>
> <transportSender name="https" class="axis2_http_sender">
> <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
> <parameter name="xml-declaration" insert="false"/>
> <parameter name="SERVER_CERT">/path/ca-file.pem</parameter>
> <parameter name="KEY_FILE">/path/client.pem</parameter>
> </transportSender>
> My understanding is this is all i need to make the transport layer carry the
> credentials, which are needed for the server to handshake/authenticate this
> client code.
> But the error i get from the logs is like this:
> [Fri Jun 24 17:56:56 2011] [error] libcurl/axis2_libcurl.c(538) NSS: client
> certificate not found (nickname not specified)
> [Fri Jun 24 17:56:56 2011] [error] libcurl/axis2_libcurl.c(540) Error
> occurred in transport
> [Fri Jun 24 17:56:56 2011] [error] engine.c(179) Transport sender invoke
> failed
> I wonder what i did wrong? Any help is greatly appreciated.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
