Colm O hEigeartaigh created CXF-8253:
----------------------------------------
Summary: Provide a way to disable TLS trust verification for the
OSGi HttpConduitConfigApplier
Key: CXF-8253
URL: https://issues.apache.org/jira/browse/CXF-8253
Project: CXF
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 3.4.0, 3.3.7
When configuring TLS using properties in an OSGi container via
HttpConduitConfigApplier, there is no easy way to disable TLS trust
verification (for testing). For Spring + Blueprint it's easy enough to
configure an insecure Trust Manager implementation, for example:
{code:java}
<bean id="trustManagers"
class="org.apache.cxf.transport.https.InsecureTrustManager"
factory-method="getNoOpX509TrustManagers"/>
<http:conduit name="https://localhost:.*";>
<http:tlsClientParameters disableCNCheck="true">
<sec:trustManagers ref="trustManagers" />
</http:tlsClientParameters>
</http:conduit>
{code}
This task is to add a new configuration property called
"trustManagers.disableTrustVerification", which if set to "true" will call
InsecureTrustManager.getNoOpX509TrustManagers under the hood, to disable TLS
trust verification.
Obviously this is insecure and should only be used for testing!
InsecureTrustManager prints a LOG along these lines at warning level.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
