static fun trustClientOnFirstAccess(knownClientsFile: Path!): TrustOptions!
(source)
Accept CA-signed client certificates, and otherwise trust client certificates on first access.
Except when a client presents a CA-signed certificate, on first connection to this server the common name and fingerprint of the presented certificate will be recorded. On subsequent connections, the client will be rejected if the fingerprint has changed.
Note: unlike the seemingly equivalent #trustServerOnFirstUse(Path)
method for authenticating servers, this method for authenticating clients is insecure and provides zero confidence in client identity. Unlike the server version, which bases the identity on the hostname and port the connection is being established to, the client version only uses the common name of the certificate that the connecting client presents. Therefore, clients can circumvent access control by using a different common name from any previously recorded client.
knownClientsFile
- Path!: The path to the file containing fingerprints by common name.
Return
TrustOptions!: A Vert.x TrustOptions
.
static fun trustClientOnFirstAccess(repository: FingerprintRepository!): TrustOptions!
(source)
Accept CA-signed client certificates, and otherwise trust client certificates on first access.
Except when a client presents a CA-signed certificate, on first connection to this server the common name and fingerprint of the presented certificate will be recorded. On subsequent connections, the client will be rejected if the fingerprint has changed.
Note: unlike the seemingly equivalent #trustServerOnFirstUse(Path)
method for authenticating servers, this method for authenticating clients is insecure and provides zero confidence in client identity. Unlike the server version, which bases the identity on the hostname and port the connection is being established to, the client version only uses the common name of the certificate that the connecting client presents. Therefore, clients can circumvent access control by using a different common name from any previously recorded client.
repository
- FingerprintRepository!: The repository containing fingerprints by common name.
Return
TrustOptions!: A Vert.x TrustOptions
.
static fun trustClientOnFirstAccess(knownClientsFile: Path!, acceptCASigned: Boolean): TrustOptions!
(source)
Trust client certificates on first access.
On first connection to this server the common name and fingerprint of the presented certificate will be recorded. On subsequent connections, the client will be rejected if the fingerprint has changed.
Note: unlike the seemingly equivalent #trustServerOnFirstUse(Path)
method for authenticating servers, this method for authenticating clients is insecure and provides zero confidence in client identity. Unlike the server version, which bases the identity on the hostname and port the connection is being established to, the client version only uses the common name of the certificate that the connecting client presents. Therefore, clients can circumvent access control by using a different common name from any previously recorded client.
knownClientsFile
- Path!: The path to the file containing fingerprints by common name.
acceptCASigned
- Boolean: If true
, CA-signed certificates will always be accepted.
Return
TrustOptions!: A Vert.x TrustOptions
.
static fun trustClientOnFirstAccess(repository: FingerprintRepository!, acceptCASigned: Boolean): TrustOptions!
(source)
Trust client certificates on first access.
On first connection to this server the common name and fingerprint of the presented certificate will be recorded. On subsequent connections, the client will be rejected if the fingerprint has changed.
Note: unlike the seemingly equivalent #trustServerOnFirstUse(Path)
method for authenticating servers, this method for authenticating clients is insecure and provides zero confidence in client identity. Unlike the server version, which bases the identity on the hostname and port the connection is being established to, the client version only uses the common name of the certificate that the connecting client presents. Therefore, clients can circumvent access control by using a different common name from any previously recorded client.
repository
- FingerprintRepository!: The repository containing fingerprints by common name.
acceptCASigned
- Boolean: If true
, CA-signed certificates will always be accepted.
Return
TrustOptions!: A Vert.x TrustOptions
.
static fun trustClientOnFirstAccess(knownClientsFile: Path!, tmf: TrustManagerFactory!): TrustOptions!
(source)
Accept CA-signed certificates, and otherwise trust client certificates on first access.
Except when a client presents a CA-signed certificate, on first connection to this server the common name and fingerprint of the presented certificate will be recorded. On subsequent connections, the client will be rejected if the fingerprint has changed.
Note: unlike the seemingly equivalent #trustServerOnFirstUse(Path)
method for authenticating servers, this method for authenticating clients is insecure and provides zero confidence in client identity. Unlike the server version, which bases the identity on the hostname and port the connection is being established to, the client version only uses the common name of the certificate that the connecting client presents. Therefore, clients can circumvent access control by using a different common name from any previously recorded client.
knownClientsFile
- Path!: The path to the file containing fingerprints by common name.
tmf
- TrustManagerFactory!: A TrustManagerFactory
for checking server certificates against a CA.
Return
TrustOptions!: A Vert.x TrustOptions
.
static fun trustClientOnFirstAccess(repository: FingerprintRepository!, tmf: TrustManagerFactory!): TrustOptions!
(source)
Accept CA-signed certificates, and otherwise trust client certificates on first access.
Except when a client presents a CA-signed certificate, on first connection to this server the common name and fingerprint of the presented certificate will be recorded. On subsequent connections, the client will be rejected if the fingerprint has changed.
Note: unlike the seemingly equivalent #trustServerOnFirstUse(Path)
method for authenticating servers, this method for authenticating clients is insecure and provides zero confidence in client identity. Unlike the server version, which bases the identity on the hostname and port the connection is being established to, the client version only uses the common name of the certificate that the connecting client presents. Therefore, clients can circumvent access control by using a different common name from any previously recorded client.
repository
- FingerprintRepository!: The repository containing fingerprints by common name.
tmf
- TrustManagerFactory!: A TrustManagerFactory
for checking server certificates against a CA.
Return
TrustOptions!: A Vert.x TrustOptions
.