Issue Details (XML | Word | Printable)

Key: AMQ-1659
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: David Jencks
Reporter: Eric White
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
ActiveMQ

SSL Transport configured in wantClientAuth mode never asks for the client certificate during the SSL Handshake

Created: 10/Apr/08 02:15 AM   Updated: 11/Apr/08 01:21 AM
Return to search
Component/s: Transport
Affects Version/s: 4.1.1, 5.0.0
Fix Version/s: 4.1.2, 5.1.0

Time Tracking:
Original Estimate: 4 days, 8 hours
Original Estimate - 4 days, 8 hours
Remaining Estimate: 4 days, 8 hours
Remaining Estimate - 4 days, 8 hours
Time Spent: Not Specified
Remaining Estimate - 4 days, 8 hours

File Attachments:
  File Name Date Attached Attached By Size
Text File Licensed for inclusion in ASF works amq-411-complex-version.patch 2008-04-10 05:45 AM Eric White 3 kB
Text File Licensed for inclusion in ASF works amq-411-simple-version.patch 2008-04-10 05:47 AM Eric White 1 kB
Text File Licensed for inclusion in ASF works amq-500-complex-version.patch 2008-04-10 05:48 AM Eric White 3 kB
Text File Licensed for inclusion in ASF works amq-500-simple-version.patch 2008-04-10 05:49 AM Eric White 1 kB
Environment:
I think this is for all environments, it may be JDK dependent though.

I tested on:
Linux 2.6.20-gentoo-r7
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) 64-Bit Server VM (build 1.6.0-b105, mixed mode)


 Description  « Hide
See: http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setWantClientAuth(boolean)

"
A socket's client authentication setting is one of the following:

  • client authentication required
  • client authentication requested
  • no client authentication desired
    "

In the API it indicates that if you call either setWantClientAuth, or setNeedClientAuth it will override the call to the other.

Therefor I believe the following code only allows for ActiveMQ to be in two states:

  • Client Authentication Required (needClientAuth==true)
  • No client Authentication Desired (needClientAuth==false)

activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java

As setWantClientAuth is overridden by setNeedClientAuth.
public void bind() throws IOException {
super.bind();
((SSLServerSocket)this.serverSocket).setWantClientAuth(wantClientAuth);
((SSLServerSocket)this.serverSocket).setNeedClientAuth(needClientAuth);
}

I believe this the same issue as this Jetty issue: http://jira.codehaus.org/browse/JETTY-86

 All   Comments   Work Log   Change History   Subversion Commits   FishEye   Crucible      Sort Order: Ascending order - Click to sort in descending order
Create crucible review for all 2 changesets in
646928 by  David Jencks (2 files)
10/Apr/08 12:19 PM (19 months, 6 days ago)
646936 by  David Jencks (2 files)
10/Apr/08 12:41 PM (19 months, 6 days ago)

Powered by a free Atlassian JIRA open source license for Apache Software Foundation - ActiveMQ. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators