Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-5236

[Migration operation] [Web to Undertow] SSL configuration - verify client attribute value is not properly migrated

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • 10.0.0.CR2
    • 10.0.0.Beta2, 10.0.0.CR1
    • Web (Undertow)
    • None
    • Hide

      As Web subsystem snippet use 

      <subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host">
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
        <ssl password="tomcat" ca-certificate-password="tomcat" verify-client="false"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true" default-web-module="ROOT.war">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>

      and run /subsystem/web:migrate() on started server in admin-only mode.

      Show
      As Web subsystem snippet use <subsystem xmlns= "urn:jboss:domain:web:2.2" default-virtual-server= "default-host" > <connector name= "https" protocol= "HTTP/1.1" scheme= "https" socket-binding= "https" secure= "true" > <ssl password= "tomcat" ca-certificate-password= "tomcat" verify-client= "false" /> </connector> <virtual-server name= "default-host" enable-welcome-root= "true" default-web-module= "ROOT.war" > <alias name= "localhost" /> <alias name= "example.com" /> </virtual-server> </subsystem> and run /subsystem/web:migrate() on started server in admin-only mode.

    Description

      In web there exists different options for verify-client attribute of ssl configuration [1] than values which are allowed to be defined as part of https-listener (REQUIRED, REQUESTED, NOT_REQUESTED).

      Currently the migration operation fails as the value isn't converted to equivalent value accepted by Undertow.

      [1]

       <xs:attribute name="verify-client" default="none">
            <xs:annotation>
                <xs:documentation>
                    that is OpenSSL SSLVerifyClient (optional,require,optionalNoCA,none) and clientAuth (true=require/false=none)
                </xs:documentation>
            </xs:annotation>
        </xs:attribute>

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-923 [Migration operation] [Web to Undertow] SSL configuration - verify client attribute value is not properly migrated

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              sdouglas1@redhat.com Stuart Douglas
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: