Default Project CR-8202

Agent 4 should fail when it is set to verify peer and the trusted ca certificates file cannot be...

Closed on 17 Sep 15


Details

| Participant | Role | Time Spent | Comments | Latest Comment |
|---|---|---|---|---|
| | Author & Moderator | 12m | 1 | I think I need to cause this error if (after line 638) th... |
| | Reviewer - Complete | 12m | 4 | Marking as complete pending a decision on using system ro... |
| | Reviewer - Complete | 19m | | |
| | Reviewer - Complete | 4m | 4 | Not with OpenSSL, unfortunately. |
| Total | | 47m | 9 | |

Objectives

This fixes a problem where the com.sun.identity.agents.config.trust.server.certs property is unset, and the trusted CA certs file is not present or not loaded. The TLS/SSL connection is expected to fail but doesn't.

OpenSSL does not seem to fail the handshake when the file fails to load, even when it is set to VERIFY_PEER; so we will return an error in am_connect_ssl() before the handshake.

Iteration 2: this will cause the error if trust.server.certs is false (verify peer certs) and the trusted CA file is not present OR not specified.
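The fail-closed check described in these objectives, as an added example that is not the agent's own code and not part of the reviewed change: the configuration is validated before any handshake starts, so a missing or unusable CA file becomes a connection error. All function and enum names are hypothetical, the sample file is constructed, and the marker test assumes a PEM-format CA bundle.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical names for illustration; not taken from net_client_ssl.c. */
enum trust_status {
    TRUST_OK = 0,           /* verification on and a CA bundle is usable */
    TRUST_VERIFY_DISABLED,  /* trust.server.certs=true: peer is not verified */
    TRUST_CA_NOT_SPECIFIED, /* verification on, but no CA file configured */
    TRUST_CA_UNREADABLE,    /* verification on, CA file cannot be opened */
    TRUST_CA_NO_CERTS       /* file opened, but it holds no PEM certificate */
};

/* Runs before the handshake and classifies the trust configuration. */
enum trust_status check_trust_config(int trust_server_certs, const char *ca_file)
{
    char line[512];
    int found = 0;
    FILE *fp;
    if (trust_server_certs) return TRUST_VERIFY_DISABLED;
    if (ca_file == NULL || ca_file[0] == '\0') return TRUST_CA_NOT_SPECIFIED;
    if ((fp = fopen(ca_file, "r")) == NULL) return TRUST_CA_UNREADABLE;
    /* Assumption: the bundle is PEM, so at least one BEGIN marker must exist. */
    while (!found && fgets(line, sizeof(line), fp) != NULL)
        found = strstr(line, "-----BEGIN CERTIFICATE-----") != NULL;
    fclose(fp);
    return found ? TRUST_OK : TRUST_CA_NO_CERTS;
}

/* Non-zero means: return an error instead of starting the handshake. */
int must_abort_connect(enum trust_status st)
{
    return st != TRUST_OK && st != TRUST_VERIFY_DISABLED;
}

/* Writes a constructed sample file for the demo; returns 0 on success. */
int write_sample(const char *path, const char *text)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    fputs(text, fp);
    return fclose(fp);
}

int main(void)
{
    write_sample("sample_ca.pem", "-----BEGIN CERTIFICATE-----\n(constructed)\n");
    printf("abort: unset=%d missing=%d\n", must_abort_connect(check_trust_config(0, NULL)),
           must_abort_connect(check_trust_config(0, "missing_ca.pem")));
    return must_abort_connect(check_trust_config(0, "sample_ca.pem"));
}
```

The marker scan only shows that the file plausibly holds a certificate; the TLS library's own load call must still be checked for failure.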


Summary

This fix was incorporated into OPENAM-6859, so I'm closing this review.



General Comments

14 Sep 15

Mareks Malnačs says:

LGTM.

15 Sep 15

Charles Sparey says:

Marking as complete pending a decision on using system root certificate stores with 'trusted body' certificates such as Thawte or VeriSign.

/source/net_client_ssl.c Changed   5