[
https://issues.apache.org/jira/browse/KNOX-1111?focusedWorklogId=213783&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-213783
]
ASF GitHub Bot logged work on KNOX-1111:
----------------------------------------
Author: ASF GitHub Bot
Created on: 15/Mar/19 13:58
Start Date: 15/Mar/19 13:58
Worklog Time Spent: 10m
Work Description: rlevas commented on pull request #74: KNOX-1111 - 2-way
SSL Truststore and Keystore Improvements
URL: https://github.com/apache/knox/pull/74
## What changes were proposed in this pull request?
Most of the improvements needed for
[KNOX-1111](https://issues.apache.org/jira/browse/KNOX-1111) have been
completed using various Jiras. However, the ability to set a custom trust
store when two-way SSL was not enabled for a service was not implemented. This
patch implements that feature.
## How was this patch tested?
Added and ran unit test:
```
mvn -T.5C verify -Prelease,package
...
[INFO]
------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO]
------------------------------------------------------------------------
[INFO] Total time: 15:59 min (Wall Clock)
[INFO] Finished at: 2019-03-14T20:56:51-04:00
[INFO] Final Memory: 292M/1907M
[INFO]
------------------------------------------------------------------------
```
Manually tested various scenarios:
- two-way SSL **with no** trust store configured, used the configured
identity keystore instead
- two-way SSL **with** a trust store configured, used the configured trust
store
- one-way SSL **with no** trust store configured, no custom SSL context was
created (assume cacerts was used)
- one-way SSL **with** a trust store configured, used the configured trust
store
Please review [Knox Contributing
Process](https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-GithubWorkflow)
before opening a pull request.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 213783)
Time Spent: 10m
Remaining Estimate: 0h
> 2-way SSL Truststore and Keystore Improvements
> ----------------------------------------------
>
> Key: KNOX-1111
> URL: https://issues.apache.org/jira/browse/KNOX-1111
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Larry McCay
> Assignee: Robert Levas
> Priority: Major
> Fix For: 1.3.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Currently, the DefaultHttpClientFactory is setting the 2-way SSL for
> dispatches truststore as gateway.jks. This should be driven by configuration
> and probably default to cacerts rather than gateway.jks.
> The client cert alias inside the keystore should be configurable as well so
> that we can possibly have different certs representing different topologies.
> In addition, the keystore to host the client certs should be configurable.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
