Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.2.0.CD12
Affects Version/s: 7.1.0.DR12
Component/s: Security
Labels:
- authentication
- eap72
- entity
- sasl
- static_analysis

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.2.0.CD12
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/967

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Coverity found field EntitySaslClient.clientCertUrl is never filled. So probably initially intended behavior in X509Certificate getClientCertificate() method is not covered.

    private X509Certificate getClientCertificate() throws SaslException {
        if ((clientCertChain != null) && (clientCertChain.length > 0)) {
            return clientCertChain[0];
        } else if (clientCertUrl != null) {
            try {
                return EntityUtil.getCertificateFromUrl(clientCertUrl);
            } catch (IOException e) {
                throw log.mechUnableToObtainServerCertificate(getMechanismName(), clientCertUrl.toString(), e).toSaslException();
            }
        } else {
            throw log.mechCallbackHandlerNotProvidedServerCertificate(getMechanismName()).toSaslException();
        }
    }

is cloned by

ELY-963 Coverity static analysis, Unwritten field, EntitySaslClient.clientCertUrl (Elytron)

Resolved

is incorporated by

JBEAP-12932 Upgrade WildFly Core to 4.0.1.Final

Closed

Assignee:: Ilia Vassilev

Reporter:: Martin Choma

Tester:: Martin Choma

QA Contact:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2017/02/14 3:44 AM

Updated:: 2024/09/02 4:48 PM

Resolved:: 2017/11/07 10:29 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates