Mantis - Resin
|
|||||
Viewing Issue Advanced Details | |||||
|
|||||
ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
6257 | minor | always | 06-08-19 14:36 | 06-09-19 14:35 | |
|
|||||
Reporter: | nam | Platform: | |||
Assigned To: | nam | OS: | |||
Priority: | normal | OS Version: | |||
Status: | closed | Product Version: | 4.0.62 | ||
Product Build: | Resolution: | fixed | |||
Projection: | none | ||||
ETA: | none | Fixed in Version: | |||
|
|||||
Summary: | 0006257: JSSE keystore password can be different from key password for spring boot support | ||||
Description: |
If the keystore password is set and the key alias is set, then Resin will incorrectly use the keystore password for loading keys. For example: keyPassword = null keyStorePassword = "foo"; Resin should be using null in _keyStore.getKey(), but it is instead using the keyStorePassword. In JsseSSLFactory: String password = _keyStorePassword; if (password == null) { password = _password; } InputStream is = _keyStoreFile.openRead(); try { _keyStore.load(is, password.toCharArray()); } finally { is.close(); } if (_alias != null) { Key key = _keyStore.getKey(_alias, password.toCharArray()); ... } |
||||
Steps To Reproduce: | |||||
Additional Information: | |||||
Relationships | |||||
Attached Files: |
Notes | |||||
|
|||||
|
|