You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by Naresh <it...@gmail.com> on 2011/12/10 09:21:18 UTC

Re: [jira] Updated: (SM-1308) CxfBcProviderSecurityTest test failed

Guillaume Nodet (JIRA <ji...@...> writes:

> 
> 
>      [
> https://issues.apache.org/activemq/browse/SM-1308?
page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
> 
> Guillaume Nodet updated SM-1308:
> --------------------------------
> 
>     Fix Version/s: servicemix-cxf-bc-2008.01
> 
> > CxfBcProviderSecurityTest test failed
> > -------------------------------------
> >
> >                 Key: SM-1308
> >                 URL: https://issues.apache.org/activemq/browse/SM-1308
> >             Project: ServiceMix
> >          Issue Type: Test
> >          Components: servicemix-cxf-bc
> >            Reporter: Freeman Fang
> >            Assignee: Freeman Fang
> >             Fix For: 3.2.2, 3.3, servicemix-cxf-bc-2008.01
> >
> >
> > this test failed caused by recent change in cxf
> > we need add disableCNCheck="true" to tlsClientParameters to allow to use 
localhost during test
> > paste the related comment from cxf wiki
> > "The TLSClientParameters are listed here and here. A new feature starting 
in CXF 2.0.5 is the
> disableCNcheck attribute for this element. It defaults to false, indicating 
that the hostname given in
> the HTTPS URL will be checked against the service's Common Name (CN) given in 
its certificate during SOAP
> client requests, and failing if there is a mismatch. If set to true (not 
recommended for production use),
> such checks will be bypassed. That will allow you, for example, to use a URL 
such as localhost during development."
> 




Hi ,

It is said that adding disableCNCheck="true" to tlsClientParameters is not 
recommended in production use .... if that is the case how do we proceed furthr 
in bypassing the common name check in production........

what would be the possible options ...