[OSJ-265] TLS socket factory clears client TLS credential too early - Shibboleth JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.0, 3.4.1, 3.4.2
Fix Version/s: 3.4.3
Component/s: Security
Labels:
None

Operating System:
Multiple
Java Version:
Oracle Java 8
Servlet Container:
Apache Tomcat 8

Description

I am trying to use the rest data connector with a client certificate. I never see the idp attempting to use the provided cert. This is using javax.net debug and debug log on org.apache.http, etc.
Something I notice in SecurityEnhancedTLSSocketFactory.java (from github source) is that the third SecurityEnhancedTLSSocketFactory constructor does not call its parent constructor. The others do.

I've otherwise done a lot of testing around it. The certs and target work fine with my own data connector, that use many of the same apache.http tools as you, but not in such a byzantine manner.

If you have other ideas where I might investigate please let me know.
Thanks,
Jim

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

cert.log
23/Jan/19 11:35 PM
6 kB
Jim Fox

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Brent Putman

Reporter:: Jim Fox

Watchers:: 3 Start watching this issue

Dates

Created:: 23/Jan/19 9:19 PM

Updated:: 29/Apr/19 9:29 PM

Resolved:: 23/Mar/19 12:20 AM

Time Tracking

Estimated:

Not Specified

Remaining:

Not Specified

Logged:

45m