[
https://issues.apache.org/activemq/browse/AMQ-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=42170#action_42170
]
Eric White commented on AMQ-1659:
---------------------------------
{noformat}
activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java

public void bind() throws IOException {
    super.bind();
    ((SSLServerSocket)this.serverSocket).setWantClientAuth(wantClientAuth);
    ((SSLServerSocket)this.serverSocket).setNeedClientAuth(needClientAuth); // <--- This overrides setWantClientAuth
}
{noformat}
> SSL Transport configured in wantClientAuth mode never asks for the client
> certificate during the SSL Handshake
> --------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-1659
> URL: https://issues.apache.org/activemq/browse/AMQ-1659
> Project: ActiveMQ
> Issue Type: Bug
> Components: Transport
> Affects Versions: 4.1.1
> Environment: I think this is for all environments, it may be JDK
> dependent though.
> I tested on:
> Linux 2.6.20-gentoo-r7
> java version "1.6.0"
> Java(TM) SE Runtime Environment (build 1.6.0-b105)
> Java HotSpot(TM) 64-Bit Server VM (build 1.6.0-b105, mixed mode)
> Reporter: Eric White
> Fix For: 4.1.1
>
> Original Estimate: 2 days
> Remaining Estimate: 2 days
>
> See:
> http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setWantClientAuth(boolean)
> "
> A socket's client authentication setting is one of the following:
> * client authentication required
> * client authentication requested
> * no client authentication desired
> "
> In the API it indicates that if you call either setWantClientAuth, or
> setNeedClientAuth it will override the call to the other.
> Therefore I believe the following code only allows for ActiveMQ to be in two
> states:
> * Client Authentication Required (needClientAuth==true)
> * No client Authentication Desired (needClientAuth==false)
> activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
> As setWantClientAuth is overridden by setNeedClientAuth.
> public void bind() throws IOException {
>     super.bind();
>     ((SSLServerSocket)this.serverSocket).setWantClientAuth(wantClientAuth);
>     ((SSLServerSocket)this.serverSocket).setNeedClientAuth(needClientAuth);
> }
> I believe this is the same issue as this Jetty issue:
> http://jira.codehaus.org/browse/JETTY-86
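The override behaviour described in the report can be observed on unbound sockets from the JDK's default factory, with no keystore or network needed. This is an added example, not ActiveMQ code and not the project's fix; the class ClientAuthModeDemo and the helpers applyAsReported, applyTriState and mode are hypothetical names, and applyTriState is one assumed way to make all three states reachable.

```java
import java.io.IOException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class ClientAuthModeDemo {

    // Call order from the report: setNeedClientAuth runs last and replaces
    // whatever setWantClientAuth just configured.
    static void applyAsReported(SSLServerSocket s, boolean want, boolean need) {
        s.setWantClientAuth(want);
        s.setNeedClientAuth(need);
    }

    // Hypothetical alternative (an assumption, not the project's code):
    // make exactly one setter call so "requested" is not reset.
    static void applyTriState(SSLServerSocket s, boolean want, boolean need) {
        if (need) {
            s.setNeedClientAuth(true);
        } else {
            s.setWantClientAuth(want); // want == false leaves client auth off
        }
    }

    // Map the socket's two getters onto the three states listed in the API docs.
    static String mode(SSLServerSocket s) {
        if (s.getNeedClientAuth()) return "required";
        if (s.getWantClientAuth()) return "requested";
        return "none";
    }

    public static void main(String[] args) throws IOException {
        SSLServerSocketFactory f =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        // Constructed sample settings: {wantClientAuth, needClientAuth}
        boolean[][] configs = { {true, false}, {false, true}, {true, true}, {false, false} };
        for (boolean[] c : configs) {
            // Unbound server sockets: enough to inspect the auth mode, nothing listens.
            try (SSLServerSocket reported = (SSLServerSocket) f.createServerSocket();
                 SSLServerSocket triState = (SSLServerSocket) f.createServerSocket()) {
                applyAsReported(reported, c[0], c[1]);
                applyTriState(triState, c[0], c[1]);
                System.out.printf("want=%-5b need=%-5b reported=%-9s tri-state=%s%n",
                        c[0], c[1], mode(reported), mode(triState));
            }
        }
    }
}
```

The row to check is want=true, need=false: a deployment that expects optional client certificates should see "requested" there, and a result of "none" means the server will never send a certificate request during the handshake.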