  1. WildFly Elytron
  2. ELY-1271

Elytron server-ssl-context should not use default value when referenced security-domain cannot be used

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: 1.1.0.Beta52
    • Fix Version/s: 1.1.0.CR3
    • Component/s: None
    • Labels:
      None

      Description

      When security-domain from server-ssl-context cannot verify X509PeerCertificateChainEvidence, then server-ssl-context should rather fail than use some default for X509TrustManager in [1]. This causes misconfiguration in the security domain to be masked.

      [1] https://github.com/wildfly-security/wildfly-elytron/blob/656354343e7e28fdee47ab58a03c1cf7042abd55/src/main/java/org/wildfly/security/ssl/SSLContextBuilder.java#L341
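
The fail-open selection described in this report, next to a fail-closed alternative, as an added illustration in plain JSSE; it is not part of the original report and is not Elytron's code. `TrustManagerSelection`, `PeerVerifier` and its methods are hypothetical names, and the fallback is assumed to be the JVM's default trust store.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Illustration only: hypothetical names, not Elytron's SSLContextBuilder.
public final class TrustManagerSelection {
    // Hypothetical stand-in for the security domain referenced by the SSL context.
    interface PeerVerifier {
        boolean canVerifyX509();
        X509TrustManager asTrustManager();
    }

    // Fail-open: an unusable verifier is silently replaced by the default.
    static X509TrustManager selectFailOpen(PeerVerifier v) throws GeneralSecurityException {
        if (v != null && v.canVerifyX509()) return v.asTrustManager();
        return jvmDefault(); // the misconfiguration is masked here
    }

    // Fail-closed: the default is used only when no verifier was referenced at all.
    static X509TrustManager selectFailClosed(PeerVerifier v) throws GeneralSecurityException {
        if (v == null) return jvmDefault();
        if (!v.canVerifyX509()) {
            throw new IllegalStateException("referenced verifier cannot verify X.509 peer "
                + "certificates; refusing to fall back to the default trust manager");
        }
        return v.asTrustManager();
    }

    // Assumption: "default" means the JVM's default trust store.
    private static X509TrustManager jvmDefault() throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new GeneralSecurityException("no default X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        PeerVerifier broken = new PeerVerifier() { // constructed: misconfigured verifier
            public boolean canVerifyX509() { return false; }
            public X509TrustManager asTrustManager() { throw new UnsupportedOperationException(); }
        };
        System.out.println("fail-open used: " + selectFailOpen(broken).getClass().getName());
        try { selectFailClosed(broken); }
        catch (IllegalStateException e) { System.out.println("fail-closed: " + e.getMessage()); }
    }
}
```

With the fail-closed variant the configuration error surfaces when the SSL context is built, instead of the server accepting client certificates under a trust policy the administrator never chose.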

                People

                • Assignee:
                  honza889 Jan Kalina
                  Reporter:
                  olukas Ondrej Lukas