Build: #3018 was successful Changes by daryl herzmann
Code commits
Openfire (master)
-
daryl herzmann f1571a7329f73a433367951afa382d8dde8148b5
Merge pull request #3357 from guusdk/OF-3122_Stop-enabling-cn-mapping-by-default
OF-3122: Stop using Common Name based identities by default
-
Guus der Kinderen 6b97543cab310c6979dce8a6e66f9a804732b212
OF-3122: Adjust test to no longer expect Common Name identities to be returned by default
- xmppserver/src/test/java/org/jivesoftware/util/CertificateManagerTest.java (version 6b97543cab310c6979dce8a6e66f9a804732b212)
-
Guus der Kinderen be7f86a8a4bbeb220bb9b191f07a464dea5294b0
OF-3122: Update test fixture to not use a cert with only a Common Name based identity
As Openfire no longer, by default, uses Common Name based identities (see the previous commit), our tests should no longer use certificates that are based on them.
This commit changes a certificate used for testing, by adding a Subject Alternate Name.
- xmppserver/src/test/java/org/jivesoftware/Fixtures.java (version be7f86a8a4bbeb220bb9b191f07a464dea5294b0)
-
Guus der Kinderen 293e9ace80946e440dc398b458c0bd6ba8db427d
OF-3122: Stop using Common Name based identities by default
When dealing with certificates used for authentication (SASL EXTERNAL / mutual authentication) Openfire should no longer offer, by default, the functionality to obtain an identity from Common Name attributes.
Common Name usage was supposedly phased out in 2017 and CAB Forum compliant CAs do not allow users to arbitrarily pick Subject RDNs at all.
Furthermore, CAB Forum CAs always include a SAN as nothing is supposed to be using CommonName at all.
This commit removes this functionality from being enabled _by default_. It can be restored by adding the mapper disabled by this commit in the relevant properties:
- `provider.serverCertIdentityMap.classList` (for server-to-server / federation)
- `provider.clientCertIdentityMap.classList` (for client based mutual auth)

- xmppserver/src/main/java/org/jivesoftware/util/CertificateManager.java (version 293e9ace80946e440dc398b458c0bd6ba8db427d)