[
https://issues.apache.org/jira/browse/QPID-8016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16266042#comment-16266042
]
Rob Godfrey commented on QPID-8016:
-----------------------------------
The update in QPID-7567 fixes this issue (while at the same time changing the
default so that unless specifically disabled the keystore will first look for a
cert which matches the SNI name. If no such cert is present, then it will
return the cert associated with the alias.
> [Broker-J] FileKeyStore alias does not select the correct certificate
> ---------------------------------------------------------------------
>
> Key: QPID-8016
> URL: https://issues.apache.org/jira/browse/QPID-8016
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
> Affects Versions: qpid-java-6.1, qpid-java-broker-7.0.0
> Reporter: Keith Wall
>
> Keystore provider implementation {{FileKeyStore}} has a {{#certificateAlias}}
> attribute that is supposed to select a single certificate for use from a
> store that has many. This feature does not currently work. It seems that
> the last certificate is chosen regardless of the alias specified by the user.
> I reproduced this problem with test resource at
> {{test-profiles/test_resources/ssl/java_client_keystore.jks}}. It contains
> two non-CA certs app1 and app2. app2 was always presented over the TLS
> enabled socket, regardless of the setting of the {{certificateAlias}}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
