"EasySSLProtocolSocketFactory" allows successful SSL handshake even though the client's truststore do not contain server keys
Issue
- We are using the https_2way_ssl quickstart from the JBoss Enterprise SOA-P installation for connecting to an HTTPS endpoint (Webservice as shown below) from within ESB with the help of the SOAPProxy action as shown below.
<action class="org.jboss.soa.esb.actions.soap.proxy.SOAPProxy" name="proxy">
    <property name="wsdl" value="classpath:///META-INF/webservice.wsdl"/>
    <property name="file" value="/META-INF/httpclient-8443.properties"/>
    <property name="clientCredentialsRequired" value="false"/>
    <property name="MappedHeaderList" value="Content-Type, Accept, Authorization, SOAPAction, Accept-Encoding"/>
    <property name="method" value="POST"/>
</action>
We configured the truststore, truststore-passw, keystore, keystore-passw, protocol-socket-factory in the httpclient-8443.properties file as shown below.
max-total-connections=1000
max-connections-per-host=200
protocol-socket-factory=org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory
keystore=file://$PATH_TO/keystore.dat
keystore-passw=*****
truststore=file://$PATH_TO/new-empty-truststore
truststore-passw=*****
The problem is that even though we have not imported the public certificate (or the CA certificate) of the HTTPS endpoint into the truststore mentioned in the properties file, we see that the SSL handshake is successful.
Can you please explain why this is happening and suggest a workaround?
Environment
- JBoss Enterprise Service Oriented Architecture Platform (SOA-P)
- 5.x