Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1271

Elytron server-ssl-context should not use default value when referenced security-domain cannot be used

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 1.1.0.CR3
    • 1.1.0.Beta52
    • None
    • None

      When security-domain from server-ssl-context cannot verify X509PeerCertificateChainEvidence then server-ssl-context should rather fail then use some default for X509TrustManager in [1]. It causes that misconfiguration in security domain is masked.

      [1] https://github.com/wildfly-security/wildfly-elytron/blob/656354343e7e28fdee47ab58a03c1cf7042abd55/src/main/java/org/wildfly/security/ssl/SSLContextBuilder.java#L341

              jkalina@redhat.com Jan Kalina (Inactive)
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: