> On 2012-05-04 13:36:45, Yuri Zelikov wrote: > > I am still trying to figure out how to test this patch. I requested a free > > certificate form startssl.com but still waiting for email from them.
Why not just issue the certificates yourself as a pretend CA for the sake of testing this? You need to add the CA certificates to the key store either way... - Ali ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4994/#review7554 ----------------------------------------------------------- On 2012-05-03 18:04:29, Ali Lown wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/4994/ > ----------------------------------------------------------- > > (Updated 2012-05-03 18:04:29) > > > Review request for wave, Michael MacFadden, Yuri Zelikov, and vjrj. > > > Summary > ------- > > Adds ability to login with X.509 client certificates instead of a username > and password. > Relies on the wave userid being the same as the username of the email for the > domain listed in the certificate. > > Patch adds 3 new config values: > ENABLE_CLIENTAUTH - fairly explanatory > CLIENTAUTH_CERT_DOMAIN - required if enabled. Allows the domain the > certificate was issued for to differ (e.g. subdomain) from the wave server > DISABLE_LOGINPAGE - allows password-based authentication to be disabled > forcing the use of client certificates only. > > Patch is a compilation between myself and Thomas Leonard > ([email protected]). > The patch is tidied and rebased version of the original patches from the > mailing list/github from February. > > Known issue: > _Sometimes_ it is has been observed that after a session has expired, the > login screen is presented without the user being automatically logged in. > Entering a username and hitting enter then uses the certificate and the user > is logged in. Reproducing this bug locally has been impossible. (Someone else > can try to narrow down the cause if they want :) ) > > > Diffs > ----- > > /README 1332795 > /server-config.xml 1332795 > /server.config.example 1332795 > /src/org/waveprotocol/box/server/CoreSettings.java 1332795 > /src/org/waveprotocol/box/server/gxp/AuthenticationPage.gxp 1332795 > /src/org/waveprotocol/box/server/rpc/AuthenticationServlet.java 1332795 > /src/org/waveprotocol/box/server/rpc/ServerRpcProvider.java 1332795 > > Diff: https://reviews.apache.org/r/4994/diff > > > Testing > ------- > > Compiled and run locally without issue. > Been deployed to my server and client certificates were issued for all users. > Has been operating fine since February. > > > Thanks, > > Ali > >
