You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2010/08/12 20:10:20 UTC

[jira] Resolved: (CXF-2863) When 'useHttpsURLConnectionDefaultSslSocketFactory' is true, the 'trustManagers' configuration is not truly ignored

     [ https://issues.apache.org/jira/browse/CXF-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp resolved CXF-2863.
------------------------------

         Assignee: Daniel Kulp
    Fix Version/s: 2.2.10
       Resolution: Fixed

> When 'useHttpsURLConnectionDefaultSslSocketFactory'  is true, the 'trustManagers' configuration is not truly ignored
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-2863
>                 URL: https://issues.apache.org/jira/browse/CXF-2863
>             Project: CXF
>          Issue Type: Improvement
>          Components: Transports
>    Affects Versions: 2.2.9
>         Environment: Spring Framework 3.x
>            Reporter: jdu
>            Assignee: Daniel Kulp
>            Priority: Minor
>             Fix For: 2.2.10
>
>
> According to documentation when 'useHttpsURLConnectionDefaultSslSocketFactory'  is true, the 'jsseProvider', 'secureSocketProtocol', 'trustManagers', 'keyManagers', 'secureRandom', 'cipherSuites' and 'cipherSuitesFilter' configuration parameters are ignored. 
> But, invalid 'trustManagers' (missing truststore file for example) leads to error.
> While this parameter has been added to easily disable SSL verification while being on testing/development phases.
> As far as, a valid 'truststore' file need to be provided, the main objective (easy setup) is not reach.
> Expected behavior: when 'useHttpsURLConnectionDefaultSslSocketFactory'  is true, the 'jsseProvider', 'secureSocketProtocol', 'trustManagers', 'keyManagers', 'secureRandom', 'cipherSuites' and 'cipherSuitesFilter' configuration parameters are completely ignored (invalid or incomplete configuration).
> I suggest to fix it in 'TLSClientParametersConfig' by quickly return out of the function 'createTLSClientParametersFromType'  when "params.isUseHttpsURLConnectionDefaultSslSocketFactory()" is true.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.