[ https://issues.apache.org/jira/browse/CAMEL-23764?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrea Cosentino resolved CAMEL-23764.
--------------------------------------
Resolution: Fixed
> camel-as2: fail closed when an inbound signed message cannot be verified
> ------------------------------------------------------------------------
>
> Key: CAMEL-23764
> URL: https://issues.apache.org/jira/browse/CAMEL-23764
> Project: Camel
> Issue Type: Improvement
> Components: camel-as2
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Major
> Fix For: 4.21.0
>
>
> When no validateSigningCertificateChain is configured (the default), the AS2
> server consumer delivers the payload of an inbound multipart/signed message
> without performing signature validation. This proposes a safer default: when
> a signed AS2 message is received but no trust anchor is configured to
> validate it, reject (or warn) rather than silently delivering the unverified
> payload. Signature validation already works correctly once a chain is
> configured.
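
The fail-closed decision described in the issue, modelled in Python as an added example (not camel-as2 code). `handle_inbound`, the `trust_chain` parameter (standing in for `validateSigningCertificateChain`), the `verify` callback and the decision strings are assumptions, and the sample messages are constructed.

```python
from email import message_from_bytes

# Constructed sample: a multipart/signed body with a placeholder signature part.
SIGNED = (
    b'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"\n'
    b"\n--b1\nContent-Type: application/edi-x12\n\nISA*00*CONSTRUCTED~\n"
    b"--b1\nContent-Type: application/pkcs7-signature\n\nplaceholder-signature\n--b1--\n"
)
UNSIGNED = b"Content-Type: application/edi-x12\n\nISA*00*CONSTRUCTED~"


def handle_inbound(raw, trust_chain, verify, fail_closed=True):
    """Return (decision, payload) for one inbound message body.

    trust_chain: hypothetical stand-in for validateSigningCertificateChain;
                 None or empty means no trust anchor is configured.
    verify:      caller-supplied callable(signed_bytes, signature, chain) -> bool.
                 Real S/MIME verification is assumed to live behind it.
    fail_closed: False reproduces the behaviour the issue describes as the
                 current default; True is the safer default it proposes.
    """
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        # Unsigned traffic is outside the scope of the issue: pass it through.
        return "deliver", msg.get_payload(decode=True)

    parts = msg.get_payload()
    if not msg.is_multipart() or len(parts) != 2:
        # Claims to be signed but has no body/signature pair: never deliver.
        return "reject-malformed", None
    body, signature = parts

    if not trust_chain:
        if fail_closed:
            return "reject-unverifiable", None
        return "deliver-unverified", body.get_payload(decode=True)

    if verify(body.as_bytes(), signature.get_payload(decode=True), trust_chain):
        return "deliver", body.get_payload(decode=True)
    return "reject-bad-signature", None
```

With `fail_closed=False` and no trust chain, the payload is returned without `verify` ever being called, which is the silent delivery the issue sets out to remove.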