[APLO-186] Using ?client_auth=need Still Allows SSL Connections with no Client Cert - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.2
Fix Version/s: 1.2
Component/s: apollo-broker
Labels:
None
Environment:

Hide
Ubuntu 11.10

java version "1.6.0_23"
OpenJDK Runtime Environment (IcedTea6 1.11pre) (6b23~pre11-0ubuntu1.11.10.2)
OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode)

Apollo: apache-apollo-99-trunk-20120404.190241-13-unix-distro.tar.gz

Snips:

    <authentication enabled="false"/>

  <connector id="tls" bind="tls://0.0.0.0:62614?client_auth=need"
connection_limit="1000"/>

  <key_storage file="${apollo.base}/etc/keystore" password="password" key_password="password" key_alias="servertj" />

Show
Ubuntu 11.10 java version "1.6.0_23" OpenJDK Runtime Environment (IcedTea6 1.11pre) (6b23~pre11-0ubuntu1.11.10.2) OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode) Apollo: apache-apollo-99-trunk-20120404.190241-13-unix-distro.tar.gz Snips:     <authentication enabled="false"/>   <connector id="tls" bind=" tls://0.0.0.0:62614?client_auth=need " connection_limit="1000"/>   <key_storage file="${apollo.base}/etc/keystore" password="password" key_password="password" key_alias="servertj" />

Description

Using the above configuration, when an SSL client connects and does not provide a certificate, the connection is allowed to proceed, and succeeds.

This is either:

a) a bug
b) a configuration issue

If the above configuration is insufficient for full SSL only authorization please advise on the requirements.

Thanks, Guy

Attachments

Activity

People

Assignee:: Hiram R. Chirino

Reporter:: Guy Allard

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 07/Apr/12 19:25

Updated:: 10/Apr/12 11:53

Resolved:: 09/Apr/12 20:18