Posted to dev@felix.apache.org by "Reto Gmür (JIRA)" <ji...@apache.org> on 2015/03/17 16:52:38 UTC

[jira] [Comment Edited] (FELIX-4797) Enable client certificate requesting without verifying the certificates

    [ https://issues.apache.org/jira/browse/FELIX-4797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14365373#comment-14365373 ] 

Reto Gmür edited comment on FELIX-4797 at 3/17/15 3:52 PM:
-----------------------------------------------------------

enabling-sslContext-services.patch is a simple patch to allow injection of an SSLContext by providing it as a service. The discussion at http://mail-archives.apache.org/mod_mbox/felix-dev/201503.mbx/%3CE60B1816-032F-4F11-9345-171FB06E92C4@luminis.eu%3E indicates a preference for configurability via services rather than just the risky option to disable validation altogether. With this patch it is left to another bundle to provide an SSLContext that disables certificate validation.


was (Author: reto):
enabling-sslContext-services.patch is a A simple patch to allow injection of an SSLContext by providing it as a service. As the discussion at http://mail-archives.apache.org/mod_mbox/felix-dev/201503.mbx/%3CE60B1816-032F-4F11-9345-171FB06E92C4@luminis.eu%3E indicates a preference for configurability via services rather than just the risky option to disable validation all together. With this patch it is left to another bundle to provide an SSLContext that disables certificate validation.

> Enable client certificate requesting without verifying the certificates
> -----------------------------------------------------------------------
>
>                 Key: FELIX-4797
>                 URL: https://issues.apache.org/jira/browse/FELIX-4797
>             Project: Felix
>          Issue Type: Improvement
>          Components: HTTP Service
>            Reporter: Pascal Mainini
>            Priority: Minor
>              Labels: patch
>         Attachments: 0001-Patch-enabling-client-certificate-authentication-wit.patch, enabling-sslContext-services.patch
>
>
> This is a patch enabling requesting client certificate authentication without further validation of the certificates provided by the client. Rationale:
> Enabling requests of client certificates by setting "org.apache.felix.https.clientcertificate" to "wants" or "needs" requests a client-certificate from any connecting client. Depending on the value set, this is either an optional or mandatory step to be fulfilled by the client in order to have its HTTP-request further processed.
> The client-certificate obtained is validated against either the CA-certificates found in the truststore or - if none given - by the server's certificate itself.
> For some use cases, this validation is unsuitable or not possible at all, namely for supporting WebID-style (https://en.wikipedia.org/wiki/WebID) authorization processed by a servlet within the container.


