View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004777 | Compliance Test Tool (CTT) Unified Architecture | 1 - Script Issue | public | 2019-06-07 09:47 | 2020-07-09 14:45 |
| Reporter | Frank Fischer | Assigned To | Alexander Allmendinger | ||
| Priority | high | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.03.341.389 | ||||
| Fixed in Version | 1.03.341.390 | ||||
| Summary | 0004777: CTT uses wrong ServerCertificate | ||||
| Description | The GetEndpoints service returns an array of EndpointDescriptions with each of them having their own serverCertificate. Many servers use the same certificate in all of these description, but it is still possible to have different certificates in different EndpointDescriptions. The CTT however has some kind of caching mechanism in OpenSecureChannel.js, the certificate of the EndpointDescription used in the very first SecureChannel of the run is stored to gServerCapabilities.ServerCertificate and used for all subsequent connections. | ||||
| Steps To Reproduce | This happens with the HP SDK demoserver when running a conformance unit which requires encryption like Security/Security Basic 256Sha256, here in the beforeTest.js the certificate of the None EndpointDescription is cached and used in the actual test for the SecureChannel with Basic256Sha256 encryption, which has a different certificate configured. | ||||
| Tags | No tags attached. | ||||
| Files Affected | |||||
| has duplicate | 0004817 | closed | Alexander Allmendinger | Security User Name Password 002 + 011 / Session Base Err-001+Err-002+Err-003+Err-005: fail when None security mode is set for SC |
|
|
The CTT was storing the Server Certificate of the default SecurityPolicy defined by the settings. Because several test scripts are using different endpoints and these endpoints can need different certificates it was needed to use the certificate provided for each endpoint. |
|
|
Reviewed in CMP call |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-06-07 09:47 | Frank Fischer | New Issue | |
| 2019-06-13 14:52 | Alexander Allmendinger | Assigned To | => Alexander Allmendinger |
| 2019-06-13 14:52 | Alexander Allmendinger | Status | new => assigned |
| 2019-11-04 14:48 | Alexander Allmendinger | Relationship added | has duplicate 0004817 |
| 2019-11-04 14:48 | Alexander Allmendinger | Status | assigned => resolved |
| 2019-11-04 14:48 | Alexander Allmendinger | Resolution | open => fixed |
| 2019-11-04 14:48 | Alexander Allmendinger | Fixed in Version | => 1.03.341.390 |
| 2019-11-04 14:48 | Alexander Allmendinger | Note Added: 0011192 | |
| 2020-07-09 14:45 | Paul Hunkar | Status | resolved => closed |
| 2020-07-09 14:45 | Paul Hunkar | Note Added: 0012577 |
