Bug 1312455 (TEIID-3177-DV6.2.4)

Summary: Enforce SSL connections over ODBC when Encryption Mode is enabled
Product: [JBoss] JBoss Data Virtualization 6 Reporter: dsteigne
Component: TeiidAssignee: jolee
Status: CLOSED NOTABUG QA Contact: Filip Elias <felias>
Severity: high Docs Contact:
Priority: high    
Version: 6.2.0CC: aszczucz, blafond, felias, jdurani, jolee, mbaluch, thauser
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-18 08:37:45 UTC Type: Support Patch
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1307150    

Description dsteigne 2016-02-26 17:56:16 UTC 
Description of problem:

backport system property org.teiid.ODBCRequireSecure to 6.2

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 dsteigne 2016-02-26 18:32:00 UTC 
It would be a good idea to have the default set to false so that the patch preserves the old behavior
Comment 2 jolee 2016-03-08 20:40:35 UTC 
git:jboss-integration/teiid.git : 8.7.x-prod-ipv6.2 : fe92300

git:teiid/teiid.git : 62-8.7.x : fe92300
Comment 3 jolee 2016-03-29 13:56:29 UTC 
specifying org.teiid.ODBCRequireSecure as default false to revert to existing behavior

git:jboss-integration/teiid.git : 8.7.x-prod-ipv6.2 : 7f374de

git:teiid/teiid.git : 62-8.7.x 7f374de
Comment 4 jolee 2016-03-29 15:47:22 UTC 
... and missed a changes in the tests.

git:jboss-integration/teiid.git : 8.7.x-prod-ipv6.2 : a4c7574

git:teiid/teiid.git : 62-8.7.x : a4c7574
Comment 5 Juraj Duráni 2016-04-08 07:18:26 UTC 
The fix reverted behavior completely.
Expected behavior:
 1. Teiid must reject ODBC connection if caller ask for unsecure connection (i.e. SSL_MODE property of ODBC ds set to disable) and Teiid ODBC transport is configured to use secure connections (i.e. ssl-mode set to enabled and ssl-authentication-mode set to e.g. anonymous)
 2. Teiid must allow user to connect to ODBC transport with user:password authentication OOB (i.e. install JDV -> install patch -> try to connect to VDB via ODBC -> success)

Actual behavior:
 1. fail
 2. OK
Comment 6 jolee 2016-04-08 12:05:09 UTC 
@Juraj,
  Please note,  the update release is supposed to behave in the reverted behavior unless the system property is specified:
org.teiid.ODBCRequireSecure=true

I will update this information in the release notes and the associated solution article.
Comment 7 Juraj Duráni 2016-04-08 12:32:33 UTC 
My bad. Thanks for clarification! Verified.