  1. OpenSAML - Java
  2. OSJ-265

TLS socket factory clears client TLS credential too early

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.4.0, 3.4.1, 3.4.2
    • Fix Version/s: 3.4.3
    • Component/s: Security
    • Labels:
      None
    • Operating System:
      Multiple
    • Java Version:
      Oracle Java 8
    • Servlet Container:
      Apache Tomcat 8

      Description

      I am trying to use the rest data connector with a client certificate. I never see the idp attempting to use the provided cert. This is using javax.net debug and debug log on org.apache.http, etc.
      Something I notice in SecurityEnhancedTLSSocketFactory.java (from github source) is that the third SecurityEnhancedTLSSocketFactory constructor does not call its parent constructor. The others do.

      I've otherwise done a lot of testing around it. The certs and target work fine with my own data connector, which uses many of the same apache.http tools as you, but not in such a byzantine manner.

      If you have other ideas where I might investigate please let me know.
      Thanks,
      Jim

        Attachments

        1. cert.log
          6 kB
          Jim Fox

              People

              Assignee:
              putmanb@shibboleth.net Brent Putman
              Reporter:
              fox@washington.edu Jim Fox
              Watchers:
              3

                  Time Tracking

                  Estimated: Not Specified
                  Remaining: Not Specified
                  Logged: 45 minutes