SSL Transport configured in wantClientAuth mode never asks for the client
certificate during the SSL Handshake
--------------------------------------------------------------------------------------------------------------
Key: AMQ-1659
URL: https://issues.apache.org/activemq/browse/AMQ-1659
Project: ActiveMQ
Issue Type: Bug
Components: Transport
Affects Versions: 4.1.1
Environment: I think this is for all environments, it may be JDK
dependent though.
I tested on:
Linux 2.6.20-gentoo-r7
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) 64-Bit Server VM (build 1.6.0-b105, mixed mode)
Reporter: Eric White
Fix For: 4.1.1
See:
http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setWantClientAuth(boolean)
"
A socket's client authentication setting is one of the following:
* client authentication required
* client authentication requested
* no client authentication desired
"
In the API it indicates that if you call either setWantClientAuth, or
setNeedClientAuth it will override the call to the other.
Therefor I believe the following code only allows for ActiveMQ to be in two
states:
* Client Authentication Required (needClientAuth==true)
* No client Authentication Desired (needClientAuth==false)
activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
As setWantClientAuth is overridden by setNeedClientAuth.
public void bind() throws IOException {
super.bind();
((SSLServerSocket)this.serverSocket).setWantClientAuth(wantClientAuth);
((SSLServerSocket)this.serverSocket).setNeedClientAuth(needClientAuth);
}
I believe this the same issue as this Jetty issue:
http://jira.codehaus.org/browse/JETTY-86
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
