Bug 1072310
Summary: | HTTPS connector doesn't request certificate despite verify-client="want" | ||
---|---|---|---|
Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | FIlip Bogyai <fbogyai> |
Component: | Web | Assignee: | Rémy Maucherat <rmaucher> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | FIlip Bogyai <fbogyai> |
Severity: | medium | Docs Contact: | Russell Dickenson <rdickens> |
Priority: | unspecified | ||
Version: | 6.3.0 | CC: | dosoudil, jclere, jkudrnac |
Target Milestone: | DR6 | ||
Target Release: | EAP 6.3.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-28 15:39:00 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1071331 |
Description
FIlip Bogyai
2014-03-04 11:07:44 UTC
If you use HttpClient to test I think you can differentiate want an true: the connector is going to give the certificate via the first steps of the SSL dialogue or through a renegociation so a part timing there is no differences. I have used browser- Firefox to test this behavior. When I use EAP 6.3.0.DR1 (before JBoss Web upgrade) and try to connect to unsecured resource on connector with settings verify-client="want", the client certificate is requested. If I use EAP 6.3.0.DR2 (with new JBoss Web 7.4.0.Beta4) and try to connect to unsecured resource on same connector, the client certificate is not requested. I see this as a regression. Reference to documentation: http://documentation-devel.engineering.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html-single/Security_Guide/index.html#SSL_Connector_Reference1 fixed by r2379 well by r2380 in fact. It requires a new tag of jbossweb. JBoss Web upgraded to 7.4.0.Final, see BZ#1077643. Verified on EAP 6.3.0.DR6 |