Anonymous | Login | Signup for a new account | 04-25-2024 17:24 PDT |
Main | My View | View Issues | Change Log | Docs |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
0006257 | [Resin] | minor | always | 06-08-19 14:36 | 06-09-19 14:35 | ||||
Reporter | nam | View Status | public | ||||||
Assigned To | nam | ||||||||
Priority | normal | Resolution | fixed | ||||||
Status | closed | Product Version | 4.0.62 | ||||||
Summary | 0006257: JSSE keystore password can be different from key password for spring boot support | ||||||||
Description |
If the keystore password is set and the key alias is set, then Resin will incorrectly use the keystore password for loading keys. For example: keyPassword = null keyStorePassword = "foo"; Resin should be using null in _keyStore.getKey(), but it is instead using the keyStorePassword. In JsseSSLFactory: String password = _keyStorePassword; if (password == null) { password = _password; } InputStream is = _keyStoreFile.openRead(); try { _keyStore.load(is, password.toCharArray()); } finally { is.close(); } if (_alias != null) { Key key = _keyStore.getKey(_alias, password.toCharArray()); ... } |
||||||||
Additional Information | |||||||||
Attached Files | |||||||||
|
Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
31 total queries executed. 25 unique queries executed. |