| Anonymous | Login | Signup for a new account | 04-20-2024 00:46 PDT |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0006233 | [Resin] | minor | always | 04-28-19 21:03 | 04-29-19 17:24 | ||||
| Reporter | nam | View Status | public | ||||||
| Assigned To | ferg | ||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | Product Version | 4.0.61 | ||||||
| Summary | 0006233: JSSE KeyManagerFactory password can be different from KeyStore password for spring boot support | ||||||||
| Description |
com.caucho.vfs.JsseSSLFactory does not distinguish between: 1. java.security.KeyStore password 2. javax.net.ssl.KeyManagerFactory password In JsseSSLFactory.create(), it's using the same password for KeyManagerFactory that it used for the KeyStore: public QServerSocket create(InetAddress host, int port) throws IOException, GeneralSecurityException { SSLServerSocketFactory factory = null; if (_keyStore != null) { SSLContext sslContext = SSLContext.getInstance(_sslContext); KeyManagerFactory kmf = KeyManagerFactory.getInstance(_keyManagerFactory); kmf.init(_keyStore, _password.toCharArray()); |
||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0006887) nam 04-28-19 21:06 |
The workaround is: JsseSSLFactory sslFactory = new JsseSSLFactory(); sslFactory.setPassword(keyStorePassword); sslFactory.init(); // set the password again after init for the KeyManagerFactory sslFactory.setPassword(keyManagerPassword); |
|
(0006888) nam 04-29-19 01:08 |
Workaround does NOT work if keyAlias is set. |
|
(0006890) ferg 04-29-19 17:24 |
network/0518 |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 04-28-19 21:03 | nam | New Issue | |
| 04-28-19 21:06 | nam | Note Added: 0006887 | |
| 04-29-19 01:08 | nam | Note Added: 0006888 | |
| 04-29-19 17:24 | ferg | Note Added: 0006890 | |
| 04-29-19 17:24 | ferg | Assigned To | => ferg |
| 04-29-19 17:24 | ferg | Status | new => closed |
| 04-29-19 17:24 | ferg | Resolution | open => fixed |
| 04-29-19 17:24 | ferg | Fixed in Version | => 4.0.62 |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
33 total queries executed. 28 unique queries executed. |  |
