You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2016/09/20 05:57:20 UTC
[jira] [Commented] (FELIX-4797) Enable client certificate
requesting without verifying the certificates
[ https://issues.apache.org/jira/browse/FELIX-4797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15505693#comment-15505693 ]
Carsten Ziegeler commented on FELIX-4797:
-----------------------------------------
[~pascal.mainini] Did the suggestion from [~jajans] work for you?
> Enable client certificate requesting without verifying the certificates
> -----------------------------------------------------------------------
>
> Key: FELIX-4797
> URL: https://issues.apache.org/jira/browse/FELIX-4797
> Project: Felix
> Issue Type: Improvement
> Components: HTTP Service
> Reporter: Pascal Mainini
> Priority: Minor
> Labels: patch
> Attachments: 0001-Patch-enabling-client-certificate-authentication-wit.patch, enabling-sslContext-services.patch
>
>
> This is a patch enabling requesting client certificate authentication without further validation of the certificates provided by the client. Rationale:
> Enabling requests of client certificates by setting "org.apache.felix.https.clientcertificate" to "wants" or "needs" requests a client-certificate from any connecting client. Depending on the value set, this is either an optional or mandatory step to be fulfilled by the client in order to have it's HTTP-request further processed.
> The client-certificate obtained is validated against either the CA-certificates found in the truststore or - if none given - by the server's certificate itself.
> For some usecases, this validation is unsuitable or not possible at all, namely for supporting WebID-style (https://en.wikipedia.org/wiki/WebID) authorization processed by a servlet within the container.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)