[ https://issues.apache.org/jira/browse/FELIX-4797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14327223#comment-14327223 ]
Reto Gmür commented on FELIX-4797:
----------------------------------
It would also be possible to allow injection of services doing the certificate
validation; in this case one could provide a service that does the WebId
validation or that accepts all certificates. The proposed delegates validation
to the application. This is often an advantage, for example when one wants to
give back a detailed description of errors.
> Enable client certificate requesting without verifying the certificates
> -----------------------------------------------------------------------
>
> Key: FELIX-4797
> URL: https://issues.apache.org/jira/browse/FELIX-4797
> Project: Felix
> Issue Type: Improvement
> Components: HTTP Service
> Reporter: Pascal Mainini
> Priority: Minor
> Labels: patch
> Attachments:
> 0001-Patch-enabling-client-certificate-authentication-wit.patch
>
>
> This is a patch enabling requesting client certificate authentication without
> further validation of the certificates provided by the client. Rationale:
> Enabling requests of client certificates by setting
> "org.apache.felix.https.clientcertificate" to "wants" or "needs" requests a
> client-certificate from any connecting client. Depending on the value set,
> this is either an optional or mandatory step to be fulfilled by the client in
> order to have its HTTP-request further processed.
> The client-certificate obtained is validated against either the
> CA-certificates found in the truststore or - if none given - by the server's
> certificate itself.
> For some use cases, this validation is unsuitable or not possible at all,
> namely for supporting WebID-style (https://en.wikipedia.org/wiki/WebID)
> authorization processed by a servlet within the container.
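An added example, not part of the patch or of Felix: when the container requests a client certificate but does not validate it, the servlet has to treat the certificate as untrusted input and run its own checks, which also lets it return detailed errors. The class name and the `KNOWN_KEYS` table are hypothetical; the table is constructed placeholder data standing in for a WebID profile lookup.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import javax.servlet.http.*;

public class UnverifiedClientCertServlet extends HttpServlet {
    // Constructed placeholder data: WebID URI -> Base64 SHA-256 of the expected public key.
    // Stands in for dereferencing the WebID profile document (assumption of this example).
    private static final Map<String, String> KNOWN_KEYS =
        Map.of("https://example.org/people/alice#me", "PLACEHOLDER_BASE64_SHA256");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Standard Servlet attribute. With container validation off, nothing in it is vetted yet.
        X509Certificate[] chain =
            (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "no client certificate presented");
            return;
        }
        try {
            String webId = checkCertificate(chain[0]);
            resp.setContentType("text/plain");
            resp.getWriter().println("authenticated as " + webId);
        } catch (Exception e) {
            // Application-defined error detail instead of an opaque TLS handshake failure.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
        }
    }

    /** Returns the WebID URI if the certificate passes the application's own checks. */
    static String checkCertificate(X509Certificate cert) throws Exception {
        cert.checkValidity(); // throws if expired or not yet valid
        String webId = null;
        if (cert.getSubjectAlternativeNames() != null) {
            for (List<?> san : cert.getSubjectAlternativeNames()) {
                // GeneralName type 6 is uniformResourceIdentifier
                if (Integer.valueOf(6).equals(san.get(0))) { webId = (String) san.get(1); break; }
            }
        }
        if (webId == null) throw new SecurityException("certificate has no URI subjectAltName");
        // The handshake proved possession of the private key, so the key is what gets compared.
        String keyHash = Base64.getEncoder().encodeToString(
            MessageDigest.getInstance("SHA-256").digest(cert.getPublicKey().getEncoded()));
        if (!keyHash.equals(KNOWN_KEYS.get(webId)))
            throw new SecurityException("public key does not match the key registered for this WebID");
        return webId;
    }
}
```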