Openfire currently supports mutual authentication for clients. This functionality is to be improved in the following way:
The key store used exclusively for mutual authentication certificates needs to be manageable through the admin panel.
In the admin panel, a visual indicator should be present for sessions that have established mutual authentication
It should be possible to have different mutual authentication requirements for different types of connections (BOSH vs. Non-Bosh, for example)
This issue introduces the new property httpbind.client.cert.policy, which behaves similar to the pre-existing xmpp.client.cert.policy. The latter now affects non-BOSH sessions only, while the former affects solely BOSH sessions.
As a result of OF-893, mutual authentication was not working for BOSH. Introducing a new property to configure its usage won't introduce any backwards compatibility issues (as the existing behavior was not influences by the original property in the first place).
Mutual authentication is now configurable in the SSL Security Page (under 'custom'). On the session overview page, a session will have two small arrow over the lock arrow when mutual mutual authentication has been established.