Project

General

Profile

Task #2478

Bug #2411: knb MNs and CNs allow self-signed certificates to connect

testConnectionLayer_SelfSignedCert() failing

Added by Ben Leinfelder over 9 years ago. Updated about 7 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Ben Leinfelder
Category:
-
Target version:
Start date:
2012-03-13
Due date:
% Done:

0%

Milestone:
CCI-1.0.0
Product Version:
*
Story Points:
Sprint:

Description

testConnectionLayer_SelfSignedCert is failing -- it assumes calling the service with a self-signed certificate will throw a ServiceFailure

History

#1 Updated by Ben Leinfelder over 9 years ago

  • Status changed from New to Closed

added @Ignore to the test - ping() does not take an auth parameter and should not be tested as such

#2 Updated by Rob Nahf over 9 years ago

  • Parent task changed from #2429 to #2411

#3 Updated by Rob Nahf over 9 years ago

  • Status changed from Closed to In Progress

rewrote the test to use isAuthorized() instead of ping(). Test still fails, meaning a self-signed cert currently is authorized to read private data.

#4 Updated by Ben Leinfelder over 8 years ago

  • Status changed from In Progress to Rejected
  • translation missing: en.field_remaining_hours set to 0.0

Looking at the test, I don't believe the client using a self-signed certificate is allowed access to private data. Just because there is no ServiceFailure doesn't mean access has been granted. Only a NotAuthorized exception can conclusively tell us that.
If the Node that is being called does not trust the signer of the self-signed certificate then it will be treated as a public call. We cannot prescribe which CAs any MN chooses to trust and therefore can't really make a test to enforce this.
Perhaps the test should be written to use a private object so as to ensure that the access to it is not authorized to a public (e.g., self-signed certificate) user.

#5 Updated by Dave Vieglais about 7 years ago

  • Target version set to Release Backlog

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)