|
Mantis - Resin
|
|||||
| Viewing Issue Advanced Details | |||||
|
|
|||||
| ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
| 6257 | minor | always | 06-08-19 14:36 | 06-09-19 14:35 | |
|
|
|||||
| Reporter: | nam | Platform: | |||
| Assigned To: | nam | OS: | |||
| Priority: | normal | OS Version: | |||
| Status: | closed | Product Version: | 4.0.62 | ||
| Product Build: | Resolution: | fixed | |||
| Projection: | none | ||||
| ETA: | none | Fixed in Version: | |||
|
|
|||||
| Summary: | 0006257: JSSE keystore password can be different from key password for spring boot support | ||||
| Description: |
If the keystore password is set and the key alias is set, then Resin will incorrectly use the keystore password for loading keys. For example: keyPassword = null keyStorePassword = "foo"; Resin should be using null in _keyStore.getKey(), but it is instead using the keyStorePassword. In JsseSSLFactory: String password = _keyStorePassword; if (password == null) { password = _password; } InputStream is = _keyStoreFile.openRead(); try { _keyStore.load(is, password.toCharArray()); } finally { is.close(); } if (_alias != null) { Key key = _keyStore.getKey(_alias, password.toCharArray()); ... } |
||||
| Steps To Reproduce: | |||||
| Additional Information: | |||||
| Relationships | |||||
| Attached Files: | |||||
| Notes | |||||
|
|
|||||
|
|
||||