Hi All, Have we decided a way forward for this?
Is it possible to introduce a new config to read it and set this globally from java level as system properties via carbon-transport as Niranjan suggested? Thanks! On Tue, Dec 5, 2017 at 3:24 PM, Bhathiya Jayasekara <[email protected]> wrote: > Hi Dulanja, > > C5 kernel does have a keystore, but not a truststore. So we're using a > temporary trustmanager[1] to trust all certificates at the moment until a > platform-wide solution is implemented. We raised the concern in [2]. > > [1] https://github.com/wso2/carbon-apimgt/blob/master/compon > ents/apimgt/org.wso2.carbon.apimgt.core/src/main/java/org/ > wso2/carbon/apimgt/core/util/AMSSLSocketFactory.java#L108 > [2] "[C5] SSLSocketFactory and HostnameVerifier implementations" > > Thanks, > Bhathiya > > On Tue, Dec 5, 2017 at 3:10 PM, Dulanja Liyanage <[email protected]> wrote: > >> Thanks Niranjan. >> >> We need to decide this soon, because Stream Processor will get released >> in this month, and they will have to write their own module if this is not >> coming from a common place. This will be same for all the C5 based >> products. IMO that's unnecessary duplication. >> >> How is AM 3.0.0 doing this right now? >> >> >> On Mon, Dec 4, 2017 at 11:31 AM, Niranjan Karunanandham < >> [email protected]> wrote: >> >>> Hi Dulanja, >>> >>> On Wed, Nov 29, 2017 at 8:29 PM, Dulanja Liyanage <[email protected]> >>> wrote: >>> >>>> Hi Abimaran, >>>> >>>> I'm actually talking about the following two System properties. They >>>> are used only for SSL: >>>> >>>> - javax.net.ssl.keyStore >>>> - javax.net.ssl.trustStore >>>> >>>> IIRC these were set during the bootstrap time in C4. >>>> >>>> Thanks, >>>> Dulanja >>>> >>>> >>>> On Wed, Nov 29, 2017 at 5:18 PM, Abimaran Kugathasan <[email protected] >>>> > wrote: >>>> >>>>> Hi Dulanja, >>>>> >>>>> If we set these keystores through system properties, we will be losing >>>>> the flexibility of having different keystore for different purposes like >>>>> SSL, JWT signing, etc. >>>>> >>>>> On Wed, Nov 29, 2017 at 4:09 PM, Dulanja Liyanage <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi All, >>>>>> >>>>>> From the conversations I had with some of the developers, it seems >>>>>> $subject is not done from the kernel level. Is my understanding correct? >>>>>> >>>>>> If so, any particular reason for not doing this from the kernel >>>>>> level? >>>>>> >>>>> >>> As I remember there was a mail thread on this. In C5, the kernel does >>> not have transports in it. IMO this should be from the component which is >>> bringing in keystores. If am not mistaken, this should come from the >>> carbon-transports. >>> >>> >>>> >>>>>> Thanks, >>>>>> Dulanja >>>>>> >>>>>> -- >>>>>> Thanks & Regards, >>>>>> Dulanja Liyanage >>>>>> Lead, Platform Security Team >>>>>> WSO2 Inc. >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Thanks >>>>> Abimaran Kugathasan >>>>> Senior Software Engineer - API Technologies >>>>> >>>>> Email : [email protected] >>>>> Mobile : +94 773922820 <077%20392%202820> >>>>> >>>>> <http://stackoverflow.com/users/515034> >>>>> <http://lk.linkedin.com/in/abimaran> >>>>> <http://www.lkabimaran.blogspot.com/> <https://github.com/abimarank> >>>>> <https://twitter.com/abimaran> >>>>> >>>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> Dulanja Liyanage >>>> Lead, Platform Security Team >>>> WSO2 Inc. >>>> >>> >>> Regards, >>> Nira >>> >>> -- >>> >>> >>> *Niranjan Karunanandham* >>> Associate Technical Lead - WSO2 Inc. >>> WSO2 Inc.: http://www.wso2.com >>> >>> >> >> >> -- >> Thanks & Regards, >> Dulanja Liyanage >> Lead, Platform Security Team >> WSO2 Inc. >> > > > > -- > *Bhathiya Jayasekara* > *Associate Technical Lead,* > *WSO2 inc., http://wso2.com <http://wso2.com>* > > *Phone: +94715478185 <+94%2071%20547%208185>* > *LinkedIn: http://www.linkedin.com/in/bhathiyaj > <http://www.linkedin.com/in/bhathiyaj>* > *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* > *Blog: http://movingaheadblog.blogspot.com > <http://movingaheadblog.blogspot.com/>* > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Malintha Amarasinghe *WSO2, Inc. - lean | enterprise | middleware* http://wso2.com/ Mobile : +94 712383306 <+94%2071%20238%203306>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
