"EasySSLProtocolSocketFactory" allows successful SSL handshake even though the client's truststore does not contain server keys
Issue
- We are using the https_2way_ssl quickstart from the JBoss Enterprise SOA-P installation for connecting to an HTTPS endpoint (Webservice as shown below) from within ESB with the help of the SOAPProxy action as shown below.
<action class="org.jboss.soa.esb.actions.soap.proxy.SOAPProxy" name="proxy">
<property name="wsdl" value="classpath:///META-INF/webservice.wsdl"/>
<property name="file" value="/META-INF/httpclient-8443.properties"/>
<property name="clientCredentialsRequired" value="false"/>
<property name="MappedHeaderList" value="Content-Type, Accept, Authorization, SOAPAction, Accept-Encoding"/>
<property name="method" value="POST"/>
</action>
We configured the truststore, truststore-passw, keystore, keystore-passw and protocol-socket-factory properties in the httpclient-8443.properties file as shown below.
max-total-connections=1000
max-connections-per-host=200
protocol-socket-factory=org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory
keystore=file://$PATH_TO/keystore.dat
keystore-passw=*****
truststore=file://$PATH_TO/new-empty-truststore
truststore-passw=*****
The problem is that even though we have not imported the public certificate (or the CA certificate) of the HTTPS endpoint into the truststore mentioned in the properties file, we see that the SSL handshake is successful.
Can you please explain why this is happening and suggest a workaround?
Environment
- JBoss Enterprise Service Oriented Architecture Platform (SOA-P)
- 5.x
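The following is an added example, not part of the original article or of the JBoss code base: a small audit that flags HTTP client properties files selecting the socket factory named above, which the commons-httpclient contrib Javadoc describes as accepting self-signed certificates. The names parse_properties, audit and PERMISSIVE_FACTORIES are introduced here for illustration, and the sample input is the configuration shown on this page.

```python
import re

# Factory class from this page. Its commons-httpclient contrib Javadoc describes it
# as accepting self-signed certificates and as unsuitable for production use.
PERMISSIVE_FACTORIES = {
    "org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory",
}

def parse_properties(text):
    """Parse simple key=value or key:value lines, skipping blanks and #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props

def audit(text):
    """Return (severity, message) findings for one properties file."""
    props = parse_properties(text)
    findings = []
    factory = props.get("protocol-socket-factory")
    if factory in PERMISSIVE_FACTORIES:
        findings.append(("HIGH", "protocol-socket-factory=" + factory
                         + " accepts self-signed server certificates"))
        if "truststore" in props:
            # Matches the behaviour reported on this page: the handshake
            # succeeded although the truststore held no server certificate.
            findings.append(("INFO", "truststore=" + props["truststore"]
                             + " is configured but does not gate the handshake"))
    return findings

# Constructed sample: the properties shown on this page.
PAGE_CONFIG = """\
max-total-connections=1000
max-connections-per-host=200
protocol-socket-factory=org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory
keystore=file://$PATH_TO/keystore.dat
keystore-passw=*****
truststore=file://$PATH_TO/new-empty-truststore
truststore-passw=*****
"""

if __name__ == "__main__":
    for severity, message in audit(PAGE_CONFIG):
        print("[" + severity + "] " + message)
```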