Anonymous | Login | Signup for a new account | 12-17-2024 10:59 PST |
Main | My View | View Issues | Change Log | Docs |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
0006233 | [Resin] | minor | always | 04-28-19 21:03 | 04-29-19 17:24 | ||||
Reporter | nam | View Status | public | ||||||
Assigned To | ferg | ||||||||
Priority | normal | Resolution | fixed | ||||||
Status | closed | Product Version | 4.0.61 | ||||||
Summary | 0006233: JSSE KeyManagerFactory password can be different from KeyStore password for spring boot support | ||||||||
Description |
com.caucho.vfs.JsseSSLFactory does not distinguish between: 1. java.security.KeyStore password 2. javax.net.ssl.KeyManagerFactory password In JsseSSLFactory.create(), it's using the same password for KeyManagerFactory that it used for the KeyStore: public QServerSocket create(InetAddress host, int port) throws IOException, GeneralSecurityException { SSLServerSocketFactory factory = null; if (_keyStore != null) { SSLContext sslContext = SSLContext.getInstance(_sslContext); KeyManagerFactory kmf = KeyManagerFactory.getInstance(_keyManagerFactory); kmf.init(_keyStore, _password.toCharArray()); |
||||||||
Additional Information | |||||||||
Attached Files | |||||||||
|
Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
33 total queries executed. 28 unique queries executed. |