Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-10127

CXF http-undertow transport does not work with mutual SSL when setting both want and required attributes to true

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: fuse-7.2
    • Fix Version/s: fuse-7.3
    • Component/s: CXF
    • Labels:
      None
    • Sprint:
      Fuse 7.3 Sprint 42 - Bug fix
    • Steps to Reproduce:
      Hide

      1. build the "camel-cxf-https-undertow" project and deploy it to Fuse 7.2 container;
      2. make sure to either copy server.jks to your local file system /local/certs/ folder or create your own self-signed certs and copy it over to the same /local/certs/ folder;
      3. start client using "curl" command like:

      curl -X POST -H "Content-Type: application/xml" -d @request.xml https://localhost:9001/person -k -v
      

      note, the request.xml file should be located on the same folder.
      4. The "curl" command should work fine when setting want="true" required="true" while the "curl" command should fail when setting want="false" required="true".

      Show
      1. build the "camel-cxf-https-undertow" project and deploy it to Fuse 7.2 container; 2. make sure to either copy server.jks to your local file system /local/certs/ folder or create your own self-signed certs and copy it over to the same /local/certs/ folder; 3. start client using "curl" command like: curl -X POST -H "Content-Type: application/xml" -d @request.xml https: //localhost:9001/person -k -v note, the request.xml file should be located on the same folder. 4. The "curl" command should work fine when setting want="true" required="true" while the "curl" command should fail when setting want="false" required="true".

      Description

      When configuring CXF http-undertow transport to establish mutual SSL with configs

      <sec:clientAuthentication want="true" required="true" />
      

      The server side does not ask for client certificate.

      However, server side does ask for client certificate for establishing mutual SSL when setting

      <sec:clientAuthentication want="false" required="true" />
      

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                ffang Freeman(Yue) Fang
                Reporter:
                joe.luo Joe Luo
                Tester:
                Viliam Kasala
              • Votes:
                1 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: