Guillaume Nodet (JIRA <jira@...> writes:
>
>
> [
>
https://issues.apache.org/activemq/browse/SM-1308?
page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>
> Guillaume Nodet updated SM-1308:
> --------------------------------
>
> Fix Version/s: servicemix-cxf-bc-2008.01
>
> > CxfBcProviderSecurityTest test failed
> > -------------------------------------
> >
> > Key: SM-1308
> > URL:
https://issues.apache.org/activemq/browse/SM-1308> > Project: ServiceMix
> > Issue Type: Test
> > Components: servicemix-cxf-bc
> > Reporter: Freeman Fang
> > Assignee: Freeman Fang
> > Fix For: 3.2.2, 3.3, servicemix-cxf-bc-2008.01
> >
> >
> > this test failed caused by recent change in cxf
> > we need add disableCNCheck="true" to tlsClientParameters to allow to use
localhost during test
> > paste the related comment from cxf wiki
> > "The TLSClientParameters are listed here and here. A new feature starting
in CXF 2.0.5 is the
> disableCNcheck attribute for this element. It defaults to false, indicating
that the hostname given in
> the HTTPS URL will be checked against the service's Common Name (CN) given in
its certificate during SOAP
> client requests, and failing if there is a mismatch. If set to true (not
recommended for production use),
> such checks will be bypassed. That will allow you, for example, to use a URL
such as localhost during development."
>
Hi ,
It is said that adding disableCNCheck="true" to tlsClientParameters is not
recommended in production use .... if that is the case how do we proceed furthr
in bypassing the common name check in production........
what would be the possible options ...
Locked
