Details
Improvement
Status: Closed
Minor
Resolution: Won't Fix
None
None
Description
This is a patch enabling requesting client certificate authentication without further validation of the certificates provided by the client. Rationale:
Enabling requests of client certificates by setting "org.apache.felix.https.clientcertificate" to "wants" or "needs" requests a client-certificate from any connecting client. Depending on the value set, this is either an optional or mandatory step to be fulfilled by the client in order to have its HTTP-request further processed.
The client-certificate obtained is validated against either the CA-certificates found in the truststore or - if none given - by the server's certificate itself.
For some use cases, this validation is unsuitable or not possible at all, namely for supporting WebID-style (https://en.wikipedia.org/wiki/WebID) authorization processed by a servlet within the container.
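When the container skips chain validation as described above, every check on the certificate falls to the servlet. The sketch below is an added example, not part of the patch or of Felix: it shows the two certificate-side checks a WebID-style servlet needs. The class and method names are hypothetical, the https-only filter is an assumed policy, and fetching the WebID profile is left out.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URI;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

// Hypothetical helper. In a servlet the chain comes from
// request.getAttribute("javax.servlet.request.X509Certificate"); chain[0] is the client certificate.
public class WebIdClaims {
    private static final int SAN_URI = 6; // GeneralName uniformResourceIdentifier (RFC 5280)

    // URIs in subjectAltName are unverified claims until the profile they point to lists this key.
    static List<URI> webIdCandidates(X509Certificate cert) throws CertificateParsingException {
        List<URI> out = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null if the extension is absent
        if (sans == null) return out;
        for (List<?> san : sans) {
            if (((Integer) san.get(0)).intValue() != SAN_URI) continue;
            try {
                URI uri = URI.create((String) san.get(1));
                // Assumed policy: only accept profiles that are fetched over TLS.
                if ("https".equalsIgnoreCase(uri.getScheme())) out.add(uri);
            } catch (IllegalArgumentException malformed) {
                // A malformed URI is dropped rather than failing the whole request.
            }
        }
        return out;
    }

    // Compare the key proven in the TLS handshake with the RSA key published in the profile.
    static boolean keyMatches(X509Certificate cert, BigInteger modulus, BigInteger exponent) {
        if (!(cert.getPublicKey() instanceof RSAPublicKey)) return false;
        RSAPublicKey key = (RSAPublicKey) cert.getPublicKey();
        return key.getModulus().equals(modulus) && key.getPublicExponent().equals(exponent);
    }

    // Stand-alone run: pass the path of a PEM or DER certificate file.
    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            System.out.println(webIdCandidates((X509Certificate) cf.generateCertificate(in)));
        }
    }
}
```

Until `keyMatches` succeeds against a profile retrieved from one of the candidate URIs, nothing in the certificate (subject, issuer, validity dates, SAN) should feed an authorization decision.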