Bug #2411: knb MNs and CNs allow self-signed certificates to connect
testConnectionLayer_SelfSignedCert is failing -- it assumes calling the service with a self-signed certificate will throw a ServiceFailure
#4 Updated by Ben Leinfelder over 8 years ago
- Status changed from In Progress to Rejected
- translation missing: en.field_remaining_hours set to 0.0
Looking at the test, I don't believe the client using a self-signed certificate is allowed access to private data. Just because there is no ServiceFailure doesn't mean access has been granted. Only a NotAuthorized exception can conclusively tell us that.
If the Node that is being called does not trust the signer of the self-signed certificate then it will be treated as a public call. We cannot prescribe which CAs any MN chooses to trust and therefore can't really make a test to enforce this.
Perhaps the test should be written to use a private object so as to ensure that the access to it is not authorized to a public (e.g., self-signed certificate) user.