[AMQ-1659] SSL Transport configured in wantClientAuth mode never asks for the client certificate during the SSL Handshake - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.1.1, 5.0.0
Fix Version/s: 4.1.2, 5.1.0
Component/s: Transport
Labels:
None
Environment:

Hide

I think this is for all environments, it may be JDK dependent though.

I tested on:
Linux 2.6.20-gentoo-r7
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) 64-Bit Server VM (build 1.6.0-b105, mixed mode)

Show
I think this is for all environments, it may be JDK dependent though. I tested on: Linux 2.6.20-gentoo-r7 java version "1.6.0" Java(TM) SE Runtime Environment (build 1.6.0-b105) Java HotSpot(TM) 64-Bit Server VM (build 1.6.0-b105, mixed mode)

Description

See: http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLServerSocket.html#setWantClientAuth(boolean)

"
A socket's client authentication setting is one of the following:

client authentication required
client authentication requested
no client authentication desired
"

In the API it indicates that if you call either setWantClientAuth, or setNeedClientAuth it will override the call to the other.

Therefor I believe the following code only allows for ActiveMQ to be in two states:

Client Authentication Required (needClientAuth==true)
No client Authentication Desired (needClientAuth==false)

activemq-core/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java

As setWantClientAuth is overridden by setNeedClientAuth.
public void bind() throws IOException {
super.bind();
((SSLServerSocket)this.serverSocket).setWantClientAuth(wantClientAuth);
((SSLServerSocket)this.serverSocket).setNeedClientAuth(needClientAuth);
}

I believe this the same issue as this Jetty issue: http://jira.codehaus.org/browse/JETTY-86

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

amq-411-complex-version.patch
10/Apr/08 12:45
3 kB
Eric White
amq-411-simple-version.patch
10/Apr/08 12:47
1 kB
Eric White
amq-500-complex-version.patch
10/Apr/08 12:48
3 kB
Eric White
amq-500-simple-version.patch
10/Apr/08 12:49
1 kB
Eric White

Activity

People

Assignee:: David Jencks

Reporter:: Eric White

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 10/Apr/08 09:15

Updated:: 11/Apr/08 08:21

Resolved:: 10/Apr/08 19:42

Time Tracking

Estimated:

48h

Remaining:

48h

Logged:

Not Specified