[standalone] Peppol certificate validation not working #682
Replies: 7 comments 8 replies
-
@karelkryda : Here is screenshot which mention Oxalis successfully passed all tests under eDELIVERY TEST SUITE including "TC2A.4: Invalid certificate handling" using Oxalis/Oxalis-AS4 version 6.5.0 with Audit ID: 1467:262 https://github.com/OxalisCommunity/oxalis/wiki/OpenPeppol-Testbed-and-Accreditation Oxalis check "revoked" and "expired" certificate while sending and fail delivery with proper error message e.g. "Certificate is revoked" Please check whether you are bypassing certificate validation Also please attach complete logs which you promised but Not shared. |
Beta Was this translation helpful? Give feedback.
-
Hi @aaron-kumar,
|
Beta Was this translation helpful? Give feedback.
-
@aaron-kumar, any news? |
Beta Was this translation helpful? Give feedback.
-
Hi @karelkryda |
Beta Was this translation helpful? Give feedback.
-
@aaron-kumar, may I ask why the issue has been transferred to a discussion? Do you have any information about this issue? |
Beta Was this translation helpful? Give feedback.
-
@karelkryda, can you give me one reason to keep it as issue? Oxalis is perfectly throwing "Certificate is revoked" error as part of "TC2A.4: Invalid certificate handling" . See: |
Beta Was this translation helpful? Give feedback.
-
@karelkryda @Robcio35 @aaron-kumar |
Beta Was this translation helpful? Give feedback.
-
Hi,
I would like to report issue with Oxalis standalone component.
When sending a message to the Peppol network, the sender - in this case the Oxalis standalone component - should check the validity of the certificate and reject the message if the certificate is not valid.
This behavior is tested in Peppol Testbed using the
TC2A.4: Invalid certificate handling
test. This test generates three test XML files, the second of which is signed with a revoked certificate. Oxalis should therefore refuse to send this file. Unfortunately, this expected behavior does not happen and Oxalis still performs delivery of this message. The Peppol test in this case ends in an error because sending this message is undesirable and against Peppol security practices.I am attaching here a log dump from the Oxalis standalone component. These are the logs from sending the message signed with a revoked certificate:
Thank you in advance for checking the situation.
Additional information:
Oxalis version:
6.5.0
AS4 plugin version:
6.5.0
Beta Was this translation helpful? Give feedback.
All reactions