Bug 1312455 - (TEIID-3177-DV6.2.4) Enforce SSL connections over ODBC when Encryption Mode is enabled
Enforce SSL connections over ODBC when Encryption Mode is enabled
Status: CLOSED NOTABUG
Product: JBoss Data Virtualization 6
Classification: JBoss
Component: Teiid (Show other bugs)
6.2.0
Unspecified Unspecified
high Severity high
: ---
: ---
Assigned To: jolee
Filip Elias
:
Depends On:
Blocks: 1307150
  Show dependency treegraph
 
Reported: 2016-02-26 12:56 EST by dsteigne
Modified: 2016-08-18 04:37 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-08-18 04:37:45 EDT
Type: Support Patch
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker TEIID-3177 Critical Closed Enforce SSL connections over ODBC when Encryption Mode is enabled 2016-08-18 04:37 EDT
Red Hat Knowledge Base (Solution) 2180191 None None None 2016-02-26 13:44 EST

  None (edit)
Description dsteigne 2016-02-26 12:56:16 EST
Description of problem:

backport system property org.teiid.ODBCRequireSecure to 6.2

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 dsteigne 2016-02-26 13:32:00 EST
It would be a good idea to have the default set to false so that the patch preserves the old behavior
Comment 2 jolee 2016-03-08 15:40:35 EST
git@github.com:jboss-integration/teiid.git : 8.7.x-prod-ipv6.2 : fe92300

git@github.com:teiid/teiid.git : 62-8.7.x : fe92300
Comment 3 jolee 2016-03-29 09:56:29 EDT
specifying org.teiid.ODBCRequireSecure as default false to revert to existing behavior

git@github.com:jboss-integration/teiid.git : 8.7.x-prod-ipv6.2 : 7f374de

git@github.com:teiid/teiid.git : 62-8.7.x 7f374de
Comment 4 jolee 2016-03-29 11:47:22 EDT
... and missed a changes in the tests.

git@github.com:jboss-integration/teiid.git : 8.7.x-prod-ipv6.2 : a4c7574

git@github.com:teiid/teiid.git : 62-8.7.x : a4c7574
Comment 5 Juraj Duráni 2016-04-08 03:18:26 EDT
The fix reverted behavior completely.
Expected behavior:
 1. Teiid must reject ODBC connection if caller ask for unsecure connection (i.e. SSL_MODE property of ODBC ds set to disable) and Teiid ODBC transport is configured to use secure connections (i.e. ssl-mode set to enabled and ssl-authentication-mode set to e.g. anonymous)
 2. Teiid must allow user to connect to ODBC transport with user:password authentication OOB (i.e. install JDV -> install patch -> try to connect to VDB via ODBC -> success)

Actual behavior:
 1. fail
 2. OK
Comment 6 jolee 2016-04-08 08:05:09 EDT
@Juraj,
  Please note,  the update release is supposed to behave in the reverted behavior unless the system property is specified:
org.teiid.ODBCRequireSecure=true

I will update this information in the release notes and the associated solution article.
Comment 7 Juraj Duráni 2016-04-08 08:32:33 EDT
My bad. Thanks for clarification! Verified.

Note You need to log in before you can comment on or make changes to this bug.