Pascal Mainini created FELIX-4797:
-------------------------------------
Summary: Enable client certificate requesting without verifying
the certificates
Key: FELIX-4797
URL: https://issues.apache.org/jira/browse/FELIX-4797
Project: Felix
Issue Type: Improvement
Components: HTTP Service
Reporter: Pascal Mainini
Priority: Minor

This is a patch enabling requesting client certificate authentication without
further validation of the certificates provided by the client.

Rationale:

Enabling requests of client certificates by setting
"org.apache.felix.https.clientcertificate" to "wants" or "needs" requests a
client-certificate from any connecting client. Depending on the value set, this
is either an optional or mandatory step to be fulfilled by the client in order
to have its HTTP-request further processed.

The client-certificate obtained is validated against either the CA-certificates
found in the truststore or - if none given - by the server's certificate itself.

For some use cases, this validation is unsuitable or not possible at all, namely
for supporting WebID-style (https://en.wikipedia.org/wiki/WebID) authorization
processed by a servlet within the container.
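
When the container requests a certificate but skips chain validation, the servlet receives a self-asserted claim and has to do the WebID-style check itself. The following is an added example, not code from the issue or from Felix: `WebIdClaim`, `claimedIds` and `keyMatches` are hypothetical names, restricting identities to `https` URIs is a policy choice of this example, and fetching and parsing the WebID profile (which supplies the modulus and exponent) is assumed to happen elsewhere.

```java
import java.math.BigInteger;
import java.net.URI;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/** Hypothetical helper for a servlet that is handed unvalidated client certificates. */
public final class WebIdClaim {
    private static final int SAN_URI = 6; // GeneralName type: uniformResourceIdentifier

    /**
     * Returns the https URIs claimed in the leaf certificate's subjectAltName.
     * The chain is what a servlet reads from the request attribute
     * "javax.servlet.request.X509Certificate"; element 0 is the client's certificate.
     */
    public static List<URI> claimedIds(X509Certificate[] chain) throws CertificateException {
        List<URI> ids = new ArrayList<>();
        if (chain == null || chain.length == 0) {
            return ids; // "wants" mode: the client may send no certificate at all
        }
        X509Certificate leaf = chain[0];
        leaf.checkValidity(); // notBefore/notAfter only; says nothing about the issuer
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
        if (sans == null) {
            return ids;
        }
        for (List<?> san : sans) {
            if ((Integer) san.get(0) != SAN_URI) continue;
            try {
                URI uri = URI.create((String) san.get(1));
                if ("https".equalsIgnoreCase(uri.getScheme())) ids.add(uri);
            } catch (IllegalArgumentException malformed) {
                // A malformed URI is an unusable claim; skip it.
            }
        }
        return ids;
    }

    /** True only if the RSA key published in the fetched profile is the certificate's key. */
    public static boolean keyMatches(X509Certificate leaf, BigInteger profileModulus, BigInteger profileExponent) {
        if (!(leaf.getPublicKey() instanceof RSAPublicKey)) return false;
        RSAPublicKey key = (RSAPublicKey) leaf.getPublicKey();
        return key.getModulus().equals(profileModulus) && key.getPublicExponent().equals(profileExponent);
    }
}
```

Until `keyMatches` succeeds against a profile retrieved from one of the claimed URIs, the subject, issuer and SAN values in the certificate should be treated as untrusted input; the TLS handshake only shows that the client holds the private key for the certificate it presented.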