[FELIX-4797] Enable client certificate requesting without verifying the certificates - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: HTTP Service
Labels:
- patch

Description

This is a patch enabling requesting client certificate authentication without further validation of the certificates provided by the client. Rationale:

Enabling requests of client certificates by setting "org.apache.felix.https.clientcertificate" to "wants" or "needs" requests a client-certificate from any connecting client. Depending on the value set, this is either an optional or mandatory step to be fulfilled by the client in order to have it's HTTP-request further processed.
The client-certificate obtained is validated against either the CA-certificates found in the truststore or - if none given - by the server's certificate itself.
For some usecases, this validation is unsuitable or not possible at all, namely for supporting WebID-style (https://en.wikipedia.org/wiki/WebID) authorization processed by a servlet within the container.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

enabling-sslContext-services.patch
17/Mar/15 15:50
1 kB
Reto Gmür
0001-Patch-enabling-client-certificate-authentication-wit.patch
16/Feb/15 11:42
8 kB
Pascal Mainini

Activity

People

Assignee:: Unassigned

Reporter:: Pascal Mainini

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 16/Feb/15 11:41

Updated:: 21/Sep/16 20:08

Resolved:: 21/Sep/16 20:08