You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-dev@ws.apache.org by "Jon Hanshew (JIRA)" <ji...@apache.org> on 2007/09/19 20:22:12 UTC

[jira] Created: (RAMPART-88) Policy sample "sample-tomcat" incorrectly adds client.jks to Client's truststore

Policy sample "sample-tomcat" incorrectly adds client.jks to Client's truststore
--------------------------------------------------------------------------------

                 Key: RAMPART-88
                 URL: https://issues.apache.org/jira/browse/RAMPART-88
             Project: Rampart
          Issue Type: Bug
          Components: rampart-policy
    Affects Versions: 1.3
         Environment: Axis 1.3 Rampart 1.3 Windows 2K
            Reporter: Jon Hanshew
             Fix For: 1.3


The client runs when it installs client.jks in its truststore, but it is misleading.  The client must decide whether to trust the service, not itself.  When the service offers a certificate during the ssl handshake, the client must decide whether to trust the service.  For test keys this must be explicit as shown in the example.  When I changed the client's truststore to point to service.jks, the sample still worked.  Are client.jks and service.jks the same key with different names? 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (RAMPART-88) Policy sample "sample-tomcat" incorrectly adds client.jks to Client's truststore

Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/RAMPART-88?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya updated RAMPART-88:
----------------------------------------------

    Fix Version/s:     (was: 1.3)
                   1.4

Set Fix version to 1.4. 

> Policy sample "sample-tomcat" incorrectly adds client.jks to Client's truststore
> --------------------------------------------------------------------------------
>
>                 Key: RAMPART-88
>                 URL: https://issues.apache.org/jira/browse/RAMPART-88
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.3
>         Environment: Axis 1.3 Rampart 1.3 Windows 2K
>            Reporter: Jon Hanshew
>             Fix For: 1.4
>
>
> The client runs when it installs client.jks in its truststore, but it is misleading.  The client must decide whether to trust the service, not itself.  When the service offers a certificate during the ssl handshake, the client must decide whether to trust the service.  For test keys this must be explicit as shown in the example.  When I changed the client's truststore to point to service.jks, the sample still worked.  Are client.jks and service.jks the same key with different names? 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (RAMPART-88) Policy sample "sample-tomcat" incorrectly adds client.jks to Client's truststore

Posted by "Jon Hanshew (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/RAMPART-88?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jon Hanshew closed RAMPART-88.
------------------------------

    Resolution: Invalid

Misunderstanding of distinction between key store and certificate.

> Policy sample "sample-tomcat" incorrectly adds client.jks to Client's truststore
> --------------------------------------------------------------------------------
>
>                 Key: RAMPART-88
>                 URL: https://issues.apache.org/jira/browse/RAMPART-88
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.3
>         Environment: Axis 1.3 Rampart 1.3 Windows 2K
>            Reporter: Jon Hanshew
>             Fix For: 1.3
>
>
> The client runs when it installs client.jks in its truststore, but it is misleading.  The client must decide whether to trust the service, not itself.  When the service offers a certificate during the ssl handshake, the client must decide whether to trust the service.  For test keys this must be explicit as shown in the example.  When I changed the client's truststore to point to service.jks, the sample still worked.  Are client.jks and service.jks the same key with different names? 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.