Guillaume Nodet (JIRA <jira@...> writes: > > > [ > https://issues.apache.org/activemq/browse/SM-1308? page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] > > Guillaume Nodet updated SM-1308: > -------------------------------- > > Fix Version/s: servicemix-cxf-bc-2008.01 > > > CxfBcProviderSecurityTest test failed > > ------------------------------------- > > > > Key: SM-1308 > > URL: https://issues.apache.org/activemq/browse/SM-1308 > > Project: ServiceMix > > Issue Type: Test > > Components: servicemix-cxf-bc > > Reporter: Freeman Fang > > Assignee: Freeman Fang > > Fix For: 3.2.2, 3.3, servicemix-cxf-bc-2008.01 > > > > > > this test failed caused by recent change in cxf > > we need add disableCNCheck="true" to tlsClientParameters to allow to use localhost during test > > paste the related comment from cxf wiki > > "The TLSClientParameters are listed here and here. A new feature starting in CXF 2.0.5 is the > disableCNcheck attribute for this element. It defaults to false, indicating that the hostname given in > the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate during SOAP > client requests, and failing if there is a mismatch. If set to true (not recommended for production use), > such checks will be bypassed. That will allow you, for example, to use a URL such as localhost during development." >
Hi , It is said that adding disableCNCheck="true" to tlsClientParameters is not recommended in production use .... if that is the case how do we proceed furthr in bypassing the common name check in production........ what would be the possible options ...
