From: Patrick Y. <kc...@ce...> - 2005-03-19 02:00:32
Hello,

Please note that we have committed an update to the CVS head. The fix is to reject all messages which are signed by self-signed certificates attached in the ebXML message in the course of validating the digital certificate. So the fix does not affect those who are using CertResolver.

Here is the commit log:

2005-03-18: kcyee: added the rejection of self signed cert. this is to prevent a potential problem when somebody used a self signed cert to spoof hermes with some correct application context. therefore from now on, one should use a CA to sign all certificates, and the cert of the CA must be imported into the trustanchor keystore for hermes to validate. of course, this is not a perfect solution for authorization. if strict authorization is needed, the user is recommended to use CertResolver to implement his own authorization mechanism.

Regards,
-Patrick
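Added example, not part of the original message and not Hermes source code: one way to express the check the commit log describes, using the standard Java PKIX API. The class name `AttachedCertCheck`, its method names and the command-line arguments are assumptions, and revocation checking is switched off because the message does not mention it.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;

// Added illustration; class and method names are hypothetical, not Hermes code.
public class AttachedCertCheck {
    // Self-signed = issuer equals subject AND the signature verifies under the
    // certificate's own public key (matching names alone prove nothing).
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) return false;
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    // Accept only a non-self-signed certificate that chains to a CA in the trust-anchor keystore.
    static boolean isAcceptable(X509Certificate attached, KeyStore trustAnchors) {
        if (isSelfSigned(attached)) return false;
        try {
            CertPath path = CertificateFactory.getInstance("X.509")
                    .generateCertPath(Collections.singletonList(attached));
            PKIXParameters params = new PKIXParameters(trustAnchors);
            params.setRevocationEnabled(false); // assumption: no CRL/OCSP source available
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (GeneralSecurityException e) {
            return false; // unknown issuer, expired, bad signature, or empty keystore
        }
    }

    // Usage: java AttachedCertCheck <cert file> <trust-anchor keystore> <password>
    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            anchors.load(in, args[2].toCharArray());
        }
        System.out.println(isAcceptable(cert, anchors) ? "ACCEPT" : "REJECT");
    }
}
```

The explicit `isSelfSigned` test runs before path validation, so a self-signed certificate attached to a message is refused even if a copy of it has been imported into the keystore.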