Hi Dulanja, C5 kernel does have a keystore, but not a truststore. So we're using a temporary trustmanager[1] to trust all certificates at the moment until a platform-wide solution is implemented. We raised the concern in [2].
[1] https://github.com/wso2/carbon-apimgt/blob/master/components/apimgt/org.wso2.carbon.apimgt.core/src/main/java/org/wso2/carbon/apimgt/core/util/AMSSLSocketFactory.java#L108 [2] "[C5] SSLSocketFactory and HostnameVerifier implementations" Thanks, Bhathiya On Tue, Dec 5, 2017 at 3:10 PM, Dulanja Liyanage <dula...@wso2.com> wrote: > Thanks Niranjan. > > We need to decide this soon, because Stream Processor will get released in > this month, and they will have to write their own module if this is not > coming from a common place. This will be same for all the C5 based > products. IMO that's unnecessary duplication. > > How is AM 3.0.0 doing this right now? > > > On Mon, Dec 4, 2017 at 11:31 AM, Niranjan Karunanandham <niran...@wso2.com > > wrote: > >> Hi Dulanja, >> >> On Wed, Nov 29, 2017 at 8:29 PM, Dulanja Liyanage <dula...@wso2.com> >> wrote: >> >>> Hi Abimaran, >>> >>> I'm actually talking about the following two System properties. They are >>> used only for SSL: >>> >>> - javax.net.ssl.keyStore >>> - javax.net.ssl.trustStore >>> >>> IIRC these were set during the bootstrap time in C4. >>> >>> Thanks, >>> Dulanja >>> >>> >>> On Wed, Nov 29, 2017 at 5:18 PM, Abimaran Kugathasan <abima...@wso2.com> >>> wrote: >>> >>>> Hi Dulanja, >>>> >>>> If we set these keystores through system properties, we will be losing >>>> the flexibility of having different keystore for different purposes like >>>> SSL, JWT signing, etc. >>>> >>>> On Wed, Nov 29, 2017 at 4:09 PM, Dulanja Liyanage <dula...@wso2.com> >>>> wrote: >>>> >>>>> Hi All, >>>>> >>>>> From the conversations I had with some of the developers, it seems >>>>> $subject is not done from the kernel level. Is my understanding correct? >>>>> >>>>> If so, any particular reason for not doing this from the kernel level? >>>>> >>>> >> As I remember there was a mail thread on this. In C5, the kernel does not >> have transports in it. IMO this should be from the component which is >> bringing in keystores. If am not mistaken, this should come from the >> carbon-transports. >> >> >>> >>>>> Thanks, >>>>> Dulanja >>>>> >>>>> -- >>>>> Thanks & Regards, >>>>> Dulanja Liyanage >>>>> Lead, Platform Security Team >>>>> WSO2 Inc. >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Thanks >>>> Abimaran Kugathasan >>>> Senior Software Engineer - API Technologies >>>> >>>> Email : abima...@wso2.com >>>> Mobile : +94 773922820 <077%20392%202820> >>>> >>>> <http://stackoverflow.com/users/515034> >>>> <http://lk.linkedin.com/in/abimaran> >>>> <http://www.lkabimaran.blogspot.com/> <https://github.com/abimarank> >>>> <https://twitter.com/abimaran> >>>> >>>> >>> >>> >>> -- >>> Thanks & Regards, >>> Dulanja Liyanage >>> Lead, Platform Security Team >>> WSO2 Inc. >>> >> >> Regards, >> Nira >> >> -- >> >> >> *Niranjan Karunanandham* >> Associate Technical Lead - WSO2 Inc. >> WSO2 Inc.: http://www.wso2.com >> >> > > > -- > Thanks & Regards, > Dulanja Liyanage > Lead, Platform Security Team > WSO2 Inc. > -- *Bhathiya Jayasekara* *Associate Technical Lead,* *WSO2 inc., http://wso2.com <http://wso2.com>* *Phone: +94715478185* *LinkedIn: http://www.linkedin.com/in/bhathiyaj <http://www.linkedin.com/in/bhathiyaj>* *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* *Blog: http://movingaheadblog.blogspot.com <http://movingaheadblog.blogspot.com/>*
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
