axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Veithen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RAMPART-445) Expired certificates in rampart project
Date Thu, 08 Nov 2018 23:02:00 GMT

    [ https://issues.apache.org/jira/browse/RAMPART-445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16680553#comment-16680553
] 

Andreas Veithen commented on RAMPART-445:
-----------------------------------------

There are two basic principles or best practices relevant here:

* Sources should consist only of human written files. If something needs to be generated,
it should be generated during the build process, not included in the sources.
* Unit tests should be deterministic and not depend on the current time.

Therefore the right solution here would be to generate those certificates during the build
process (so that they always have a validity that covers the test execution). However, I couldn't
figure out how those certificates and corresponding key material was originally generated
and/or how to generate them during the build process. So the next best solution was to effectively
disable validation of the expiry date.

> Expired certificates in rampart project
> ---------------------------------------
>
>                 Key: RAMPART-445
>                 URL: https://issues.apache.org/jira/browse/RAMPART-445
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-integration
>    Affects Versions: 1.6.2
>            Reporter: Svetoslav ILIEV
>            Priority: Major
>             Fix For: 1.7.2
>
>
> We observed expired certificates in Apache Rampart project. Keystores with expired certificates
are located in:
> <rampart_root>\modules\rampart-integration\src\test\resources\rahas\rahas-sts.jks 
> and <rampart_root>\modules\rampart-integration\src\test\resources\rahas\sec.jks
> Other Rampart versions might be also affected.
> Could you please renew the expired certificates?
>  
> Best Regards,
> Svetoslav ILIEV



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message