Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-923

[Migration operation] [Web to Undertow] SSL configuration - verify client attribute value is not properly migrated

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 7.0.0.DR11
    • 7.0.0.DR9, 7.0.0.DR10
    • Migration, Undertow
    • None
    • Hide

      As Web subsystem snippet use 

      <subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host">
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
        <ssl password="tomcat" ca-certificate-password="tomcat" verify-client="false"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true" default-web-module="ROOT.war">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>

      and run /subsystem/web:migrate() on started server in admin-only mode.

      Show
      As Web subsystem snippet use <subsystem xmlns= "urn:jboss:domain:web:2.2" default-virtual-server= "default-host" > <connector name= "https" protocol= "HTTP/1.1" scheme= "https" socket-binding= "https" secure= "true" > <ssl password= "tomcat" ca-certificate-password= "tomcat" verify-client= "false" /> </connector> <virtual-server name= "default-host" enable-welcome-root= "true" default-web-module= "ROOT.war" > <alias name= "localhost" /> <alias name= "example.com" /> </virtual-server> </subsystem> and run /subsystem/web:migrate() on started server in admin-only mode.

      In web there exists different options for verify-client attribute of ssl configuration [1] than values which are allowed to be defined as part of https-listener (REQUIRED, REQUESTED, NOT_REQUESTED).

      Currently the migration operation fails as the value isn't converted to equivalent value accepted by Undertow.

      [1]

       <xs:attribute name="verify-client" default="none">
            <xs:annotation>
                <xs:documentation>
                    that is OpenSSL SSLVerifyClient (optional,require,optionalNoCA,none) and clientAuth (true=require/false=none)
                </xs:documentation>
            </xs:annotation>
        </xs:attribute>

            sdouglas1@redhat.com Stuart Douglas
            rhatlapa@redhat.com Radim Hatlapatka (Inactive)
            Radim Hatlapatka Radim Hatlapatka (Inactive)
            Radim Hatlapatka Radim Hatlapatka (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: