1312455 – (TEIID-3177-DV6.2.4) Enforce SSL connections over ODBC when Encryption Mode is enabled

Bug 1312455 (TEIID-3177-DV6.2.4) - Enforce SSL connections over ODBC when Encryption Mode is enabled

Summary: Enforce SSL connections over ODBC when Encryption Mode is enabled

Keywords:
Status:	CLOSED NOTABUG
Alias:	TEIID-3177-DV6.2.4
Product:	JBoss Data Virtualization 6
Classification:	JBoss
Component:	Teiid
Sub Component:
Version:	6.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	jolee
QA Contact:	Filip Elias
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1307150
TreeView+	depends on / blocked

Reported:	2016-02-26 17:56 UTC by dsteigne
Modified:	2019-10-10 11:21 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-08-18 08:37:45 UTC
Type:	Support Patch

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	TEIID-3177	0	Critical	Closed	Enforce SSL connections over ODBC when Encryption Mode is enabled	2018-03-23 18:54:27 UTC
Red Hat Knowledge Base (Solution)	2180191	0	None	None	None	2016-02-26 18:44:22 UTC

Description dsteigne 2016-02-26 17:56:16 UTC

Description of problem:

backport system property org.teiid.ODBCRequireSecure to 6.2

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 dsteigne 2016-02-26 18:32:00 UTC

It would be a good idea to have the default set to false so that the patch preserves the old behavior

Comment 2 jolee 2016-03-08 20:40:35 UTC

git:jboss-integration/teiid.git : 8.7.x-prod-ipv6.2 : fe92300

git:teiid/teiid.git : 62-8.7.x : fe92300

Comment 3 jolee 2016-03-29 13:56:29 UTC

specifying org.teiid.ODBCRequireSecure as default false to revert to existing behavior

git:jboss-integration/teiid.git : 8.7.x-prod-ipv6.2 : 7f374de

git:teiid/teiid.git : 62-8.7.x 7f374de

Comment 4 jolee 2016-03-29 15:47:22 UTC

... and missed a changes in the tests.

git:jboss-integration/teiid.git : 8.7.x-prod-ipv6.2 : a4c7574

git:teiid/teiid.git : 62-8.7.x : a4c7574

Comment 5 Juraj Duráni 2016-04-08 07:18:26 UTC

The fix reverted behavior completely.
Expected behavior:
 1. Teiid must reject ODBC connection if caller ask for unsecure connection (i.e. SSL_MODE property of ODBC ds set to disable) and Teiid ODBC transport is configured to use secure connections (i.e. ssl-mode set to enabled and ssl-authentication-mode set to e.g. anonymous)
 2. Teiid must allow user to connect to ODBC transport with user:password authentication OOB (i.e. install JDV -> install patch -> try to connect to VDB via ODBC -> success)

Actual behavior:
 1. fail
 2. OK

Comment 6 jolee 2016-04-08 12:05:09 UTC

@Juraj,
  Please note,  the update release is supposed to behave in the reverted behavior unless the system property is specified:
org.teiid.ODBCRequireSecure=true

I will update this information in the release notes and the associated solution article.

Comment 7 Juraj Duráni 2016-04-08 12:32:33 UTC

My bad. Thanks for clarification! Verified.

Note You need to log in before you can comment on or make changes to this bug.