You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Jon Hanshew (JIRA)" <ji...@apache.org> on 2007/09/19 20:22:12 UTC
[jira] Created: (RAMPART-88) Policy sample "sample-tomcat"
incorrectly adds client.jks to Client's truststore
Policy sample "sample-tomcat" incorrectly adds client.jks to Client's truststore
--------------------------------------------------------------------------------
Key: RAMPART-88
URL: https://issues.apache.org/jira/browse/RAMPART-88
Project: Rampart
Issue Type: Bug
Components: rampart-policy
Affects Versions: 1.3
Environment: Axis 1.3 Rampart 1.3 Windows 2K
Reporter: Jon Hanshew
Fix For: 1.3
The client runs when it installs client.jks in its truststore, but it is misleading. The client must decide whether to trust the service, not itself. When the service offers a certificate during the ssl handshake, the client must decide whether to trust the service. For test keys this must be explicit as shown in the example. When I changed the client's truststore to point to service.jks, the sample still worked. Are client.jks and service.jks the same key with different names?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-88) Policy sample "sample-tomcat"
incorrectly adds client.jks to Client's truststore
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-88?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya updated RAMPART-88:
----------------------------------------------
Fix Version/s: (was: 1.3)
1.4
Set Fix version to 1.4.
> Policy sample "sample-tomcat" incorrectly adds client.jks to Client's truststore
> --------------------------------------------------------------------------------
>
> Key: RAMPART-88
> URL: https://issues.apache.org/jira/browse/RAMPART-88
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.3
> Environment: Axis 1.3 Rampart 1.3 Windows 2K
> Reporter: Jon Hanshew
> Fix For: 1.4
>
>
> The client runs when it installs client.jks in its truststore, but it is misleading. The client must decide whether to trust the service, not itself. When the service offers a certificate during the ssl handshake, the client must decide whether to trust the service. For test keys this must be explicit as shown in the example. When I changed the client's truststore to point to service.jks, the sample still worked. Are client.jks and service.jks the same key with different names?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (RAMPART-88) Policy sample "sample-tomcat"
incorrectly adds client.jks to Client's truststore
Posted by "Jon Hanshew (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-88?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jon Hanshew closed RAMPART-88.
------------------------------
Resolution: Invalid
Misunderstanding of distinction between key store and certificate.
> Policy sample "sample-tomcat" incorrectly adds client.jks to Client's truststore
> --------------------------------------------------------------------------------
>
> Key: RAMPART-88
> URL: https://issues.apache.org/jira/browse/RAMPART-88
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.3
> Environment: Axis 1.3 Rampart 1.3 Windows 2K
> Reporter: Jon Hanshew
> Fix For: 1.3
>
>
> The client runs when it installs client.jks in its truststore, but it is misleading. The client must decide whether to trust the service, not itself. When the service offers a certificate during the ssl handshake, the client must decide whether to trust the service. For test keys this must be explicit as shown in the example. When I changed the client's truststore to point to service.jks, the sample still worked. Are client.jks and service.jks the same key with different names?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.