Ssl mutual authentication implementation #201
Conversation
|
Windows .Net Framework Tests FAILed. |
|
Windows Net Core Tests PASSed. |
|
Linux Net Core Tests FAILed. |
asimarslan
force-pushed
the
feature/ssl-mutual
branch
from
cfbea03 to
a28cd08
Compare
|
Windows Net Core Tests PASSed. |
|
Windows .Net Framework Tests FAILed. |
|
verify |
|
Windows Net Core Tests PASSed. |
|
Windows .Net Framework Tests FAILed. |
asimarslan
force-pushed
the
feature/ssl-mutual
branch
from
a28cd08 to
9ceadad
Compare
|
Linux Net Core Tests FAILed. |
1 similar comment
|
Linux Net Core Tests FAILed. |
|
Windows Net Core Tests FAILed. |
|
Linux Net Core Tests FAILed. |
|
Windows .Net Framework Tests FAILed. |
asimarslan
force-pushed
the
feature/ssl-mutual
branch
from
9ceadad to
8fdec65
Compare
|
Windows .Net Framework Tests FAILed. |
|
Linux Net Core Tests FAILed. |
|
Windows Net Core Tests FAILed. |
asimarslan
force-pushed
the
feature/ssl-mutual
branch
from
8fdec65 to
f2d8da1
Compare
|
Linux Net Core Tests FAILed. |
|
Windows Net Core Tests FAILed. |
asimarslan
force-pushed
the
feature/ssl-mutual
branch
from
f2d8da1 to
aea6c13
Compare
|
Windows .Net Framework Tests FAILed. |
|
Linux Net Core Tests FAILed. |
|
Windows Net Core Tests FAILed. |
|
Windows .Net Framework Tests FAILed. |
|
Linux Net Core Tests FAILed. |
|
Windows Net Core Tests PASSed. |
|
Windows .Net Framework Tests PASSed. |
asimarslan
force-pushed
the
feature/ssl-mutual
branch
from
4f0d795 to
19687d8
Compare
|
Linux Net Core Tests FAILed. |
|
Windows Net Core Tests PASSed. |
|
Windows .Net Framework Tests PASSed. |
| Client = HazelcastClient.NewHazelcastClient(clientConfig); | ||
| } | ||
|
|
||
| private static SSLConfig CreateSslConfig(bool isSslEnabled, bool? validateCertificateChain, bool? validateCertificateName, |
There was a problem hiding this comment.
bool?
What is the purpose of making a bool Nullable?
There was a problem hiding this comment.
null represents default values of the related configuration
| sslStream.AuthenticateAsClient(certificateName, clientCertificates, enabledSslProtocols, checkCertificateRevocation); | ||
| if (!sslStream.IsMutuallyAuthenticated && clientCertificates.Count > 0) | ||
| { | ||
| throw new CryptographicException("Mutual authentication failed."); |
There was a problem hiding this comment.
What if the mutual authentication is not set in the member side but the client provided a client certificate ? It is clearly a configuration mismatch but there is nothing wrong in this scenario apart from that. Also, java client doesn't fail with this type of configuration.
There was a problem hiding this comment.
I will add a test
There was a problem hiding this comment.
.net framework and net core behaviors are different so I'll remove the check.
| { | ||
| /// <summary> | ||
| /// Certifate Name; CN part of the Certificate Subject. | ||
| /// Certificate Name; CN part of the Certificate Subject. |
There was a problem hiding this comment.
What about the SAN field ? Can the client validate certificates which doesn't have a CN but SAN field ?
There was a problem hiding this comment.
This is builtin supported by .NET. I'll fix the doc
asimarslan
force-pushed
the
feature/ssl-mutual
branch
from
19687d8 to
a76e162
Compare
|
Linux Net Core Tests FAILed. |
|
Windows .Net Framework Tests FAILed. |
|
Windows Net Core Tests FAILed. |
asimarslan
force-pushed
the
feature/ssl-mutual
branch
from
a76e162 to
3d13048
Compare
|
Linux Net Core Tests PASSed. |
|
Windows Net Core Tests PASSed. |
|
Windows .Net Framework Tests PASSed. |
asimarslan
force-pushed
the
feature/ssl-mutual
branch
from
3d13048 to
8fa1511
Compare
|
Linux Net Core Tests PASSed. |
|
Windows Net Core Tests FAILed. |
|
Windows .Net Framework Tests FAILed. |
asimarslan
force-pushed
the
feature/ssl-mutual
branch
from
8fa1511 to
0c100d4
Compare
|
Linux Net Core Tests PASSed. |
|
Windows Net Core Tests PASSed. |
|
Windows .Net Framework Tests PASSed. |
Client SSL/TLS mutual authentication support implementation and tests