[ https://issues.apache.org/jira/browse/CXF-8253?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved CXF-8253.
--------------------------------------
    Resolution: Fixed

> Provide a way to disable TLS trust verification for the OSGi 
> HttpConduitConfigApplier
> -------------------------------------------------------------------------------------
>
>                 Key: CXF-8253
>                 URL: https://issues.apache.org/jira/browse/CXF-8253
>             Project: CXF
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 3.4.0, 3.3.7
>
>
> When configuring TLS using properties in an OSGi container via 
> HttpConduitConfigApplier, there is no easy way to disable TLS trust 
> verification (for testing). For Spring + Blueprint it's easy enough to 
> configure an insecure Trust Manager implementation, for example:
>  
> {code:java}
> <bean id="trustManagers" 
> class="org.apache.cxf.transport.https.InsecureTrustManager" 
> factory-method="getNoOpX509TrustManagers"/>
> <http:conduit name="https://localhost:.*">
>     <http:tlsClientParameters disableCNCheck="true">
>         <sec:trustManagers ref="trustManagers" />
>     </http:tlsClientParameters>
> </http:conduit>
> {code}
> This task is to add a new configuration property called 
> "trustManagers.disableTrustVerification", which if set to "true" will call 
> InsecureTrustManager.getNoOpX509TrustManagers under the hood, to disable TLS 
> trust verification.
> Obviously this is insecure and should only be used for testing! 
> InsecureTrustManager prints a LOG along these lines at warning level.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
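
A pre-deployment check for the test-only settings named in this issue, as an added example that is not part of the original message or of CXF. The issue gives only the property name, so the scanner matches any key ending in it; the file names and sample contents are constructed.

```python
import re

# Property suffix and class/method names are taken from the issue text above.
PROP_SUFFIX = "trustManagers.disableTrustVerification"
XML_MARKERS = {
    "InsecureTrustManager": "no-op trust manager bean",
    "getNoOpX509TrustManagers": "no-op trust manager factory method",
}
CN_CHECK = re.compile(r'disableCNCheck\s*=\s*"true"', re.IGNORECASE)
# Java .properties / OSGi .cfg line: key, then '=' or ':' or whitespace, then value.
PROP_LINE = re.compile(r'^\s*([^#!\s=:][^\s=:]*)\s*[=:\s]\s*(.*?)\s*$')


def scan_text(name, text):
    """Return sorted (file, line_no, reason) findings for one config file."""
    findings = set()
    for no, line in enumerate(text.splitlines(), 1):
        m = PROP_LINE.match(line)
        if m and m.group(1).endswith(PROP_SUFFIX) and m.group(2).lower() == "true":
            findings.add((name, no, "trust verification disabled by property"))
        for marker, reason in XML_MARKERS.items():
            if marker in line:
                findings.add((name, no, reason))
        if CN_CHECK.search(line):
            findings.add((name, no, "hostname (CN) check disabled"))
    return sorted(findings)


# Constructed sample inputs (not from a real deployment).
SAMPLE_CFG = """\
url = https://localhost:8443/.*
# trustManagers.disableTrustVerification = true   (commented out, ignored)
trustManagers.disableTrustVerification = TRUE
"""
SAMPLE_XML = """\
<bean id="trustManagers"
      class="org.apache.cxf.transport.https.InsecureTrustManager"
      factory-method="getNoOpX509TrustManagers"/>
<http:tlsClientParameters disableCNCheck="true">
"""

if __name__ == "__main__":
    for name, text in (("conduit.cfg", SAMPLE_CFG), ("beans.xml", SAMPLE_XML)):
        for finding in scan_text(name, text):
            print("%s:%d: %s" % finding)
```

Run over the configuration that ships to production, any finding should fail the build; the same markers are acceptable only in test profiles.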
