Re: svn commit: r1618650 - in /tomcat/trunk: build.properties.default java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java

[jean-frederic clere]

On 08/19/2014 08:52 AM, Mark Thomas wrote:
On 19/08/2014 07:16, jean-frederic clere wrote:
On 08/18/2014 08:21 PM, Konstantin Kolinko wrote:
2014-08-18 20:14 GMT+04:00  <jfcl...@apache.org>:
Author: jfclere
Date: Mon Aug 18 16:14:30 2014
New Revision: 1618650
URL: http://svn.apache.org/r1618650
Log:
Allow to use MS Windows keystore.
submitted by ehsavoie (Emmanuel Hugonnet <ehugo...@redhat.com>).

Modified:
      tomcat/trunk/build.properties.default

tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java


1. Documentation =?,
2. I think this is already configurable by setting keystoreFile="" and
truststoreFile="" on a <Connector>.

If someone uses the MS Windows keystore the keystore and the truststore
file(s) needs to be "".

That doesn't really answer Konstantin's point 2.

To put it another way, it has been possible to use the MSWindows
keystore since 7.0.51 so the svn log message is not correct.

Do you plan to address the other points Konstantin raised?

I need to prepare some documentation like how to use the MSWindows 
keystore with keytool and minimal stuff to use mmc. The idea is to add 
it to http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

Cheers

Jean-Frederic


Mark

Cheers

Jean-Frederic


See
https://issues.apache.org/bugzilla/show_bug.cgi?id=56021
http://svn.apache.org/r1559573
http://svn.apache.org/r1559575

Tomcat 7.0.51 changelog says:
        <add>
          <bug>56021</bug>: Make it possible to use the Windows-MY key
store with
          the BIO and NIO connectors for SSL configuration. It requires a
          <code>keystoreFile=&quot;&quot;
keystoreType=&quot;Windows-My&quot;</code>
          to be set on the connector. Based on a patch provided by
Asanka. (markt)
        </add>

3. In issue 56021 the keystoreType was spelled "Windows-My". Why are
you spelling it as "Windows-MY"?

4. Changelog = ?
5. I reverted the change to build.properties.default

Best regards,
Konstantin Kolinko

Modified: tomcat/trunk/build.properties.default
URL:
http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=1618650&r1=1618649&r2=1618650&view=diff

==============================================================================

--- tomcat/trunk/build.properties.default (original)
+++ tomcat/trunk/build.properties.default Mon Aug 18 16:14:30 2014
@@ -238,3 +238,4 @@ cobertura.loc=${base-sf.loc}/cobertura/c

   # ----- JVM settings for unit tests
   java.net.preferIPv4Stack=false
+test.entry=org.apache.tomcat.util.net.TestSsl

Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1618650&r1=1618649&r2=1618650&view=diff

==============================================================================

---
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
(original)
+++
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Mon Aug 18 16:14:30 2014
@@ -295,6 +295,8 @@ public class JSSESocketFactory implement
           String keystoreFile = endpoint.getKeystoreFile();
           if (keystoreFile == null)
               keystoreFile = defaultKeystoreFile;
+        if("Windows-MY".equals(type))

Any reason not to make this a case insensitive comparison?

+            keystoreFile = "";
           return getStore(type, provider, keystoreFile, pass);
       }
@@ -310,6 +312,8 @@ public class JSSESocketFactory implement
           if(truststoreFile == null) {
               truststoreFile =
System.getProperty("javax.net.ssl.trustStore");
           }
+        if("Windows-ROOT".equals(keystoreType))

Same here.

+            truststoreFile = "";
           if(log.isDebugEnabled()) {
               log.debug("Truststore = " + truststoreFile);
           }



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org