[ https://issues.apache.org/jira/browse/CAMEL-23764?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Work on CAMEL-23764 started by Andrea Cosentino.
------------------------------------------------
> camel-as2: fail closed when an inbound signed message cannot be verified
> ------------------------------------------------------------------------
>
>                 Key: CAMEL-23764
>                 URL: https://issues.apache.org/jira/browse/CAMEL-23764
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-as2
>            Reporter: Andrea Cosentino
>            Assignee: Andrea Cosentino
>            Priority: Major
>             Fix For: 4.14.8, 4.18.3, 4.21.0
>
>
> When no validateSigningCertificateChain is configured (the default), the AS2 
> server consumer delivers the payload of an inbound multipart/signed message 
> without performing signature validation. This proposes a safer default: when 
> a signed AS2 message is received but no trust anchor is configured to 
> validate it, reject (or warn) rather than silently delivering the unverified 
> payload. Signature validation already works correctly once a chain is 
> configured.


