[ https://issues.apache.org/jira/browse/QPID-7224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15357906#comment-15357906 ]
Keith Wall commented on QPID-7224:
----------------------------------

Changes look reasonable to me.

> Exposed truststores should exclude/include based on virtualhostnode rather than virtualhost
> -------------------------------------------------------------------------------------------
>
> Key: QPID-7224
> URL: https://issues.apache.org/jira/browse/QPID-7224
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker
> Reporter: Keith Wall
> Fix For: qpid-java-6.1
>
>
> Truststores can be exposed as message sources to clients for the purposes
> of public key distribution for end-to-end message encryption.
> If a truststore is exposed, by default the truststore is exposed to all
> virtualhosts. The user can opt to make this more restrictive by opting to
> include or exclude virtualhosts.
> The inclusion/exclusion based on virtualhost is problematic in the HA case,
> as the virtualhost may be elsewhere in the group. This would prevent the
> Truststore from starting (it would go into error).
> The Truststore implementations must change to have inclusion/exclusion based
> on virtualhostnode.
> The configuration upgrader will need to guess that the virtualhostnode name
> is the same as the virtualhost. This will work with default configuration in
> the non-HA case (where virtualhostnode name = virtualhost name), but will
> fail in the HA case.