bobh        2002/09/18 08:10:04

  Modified:    util/java/org/apache/tomcat/util/net JSSESocketFactory.java
  Log:
  - Trust store shouldn't be initialized from key store
  - removed conditional around trust store initialization, so when a
  CLIENT-CERT resource is requested, Tomcat has something to use for
  starting a trusted negotiation
  - changes reflect input from Vivek N. Yingxian Wang (JSSE), Craig M.,
  Qingqing Ouyang
  
  Revision  Changes    Path
  1.2       +13 -7     
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/JSSESocketFactory.java
  
  Index: JSSESocketFactory.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/JSSESocketFactory.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- JSSESocketFactory.java    5 Apr 2002 17:43:33 -0000       1.1
  +++ JSSESocketFactory.java    18 Sep 2002 15:10:04 -0000      1.2
  @@ -191,14 +191,20 @@
                com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
            kmf.init( kstore, keyPass.toCharArray());
   
  -         // If client authentication is needed, set up TrustManager
  +         //  set up TrustManager
            com.sun.net.ssl.TrustManager[] tm = null;
  -         if( clientAuth) {
  -             com.sun.net.ssl.TrustManagerFactory tmf =
  -                    com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
  -             tmf.init(kstore);
  -             tm = tmf.getTrustManagers();
  -         }
  +         String trustStoreFile = System.getProperty("javax.net.ssl.trustStore");
  +         String trustStorePassword =
  +             System.getProperty("javax.net.ssl.trustStorePassword");
  +         if ( trustStoreFile != null && trustStorePassword != null ){
  +            KeyStore trustStore = initKeyStore( trustStoreFile, trustStorePassword);
  +            
  +            com.sun.net.ssl.TrustManagerFactory tmf =
  +                com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
  +
  +            tmf.init(trustStore);
  +            tm = tmf.getTrustManagers();
  +        }
   
            // init context with the key managers
            context.init(kmf.getKeyManagers(), tm, 
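Review bot: When either `javax.net.ssl.trustStore` or `javax.net.ssl.trustStorePassword` is unset, `tm` stays null and `context.init` is called without trust managers, so client-certificate validation presumably falls back to the JSSE provider's default trust (typically the JRE's bundled CA file) rather than a store the operator chose. With `clientAuth` enabled that fallback should be visible: add an `else if (clientAuth)` branch that logs a warning or refuses to start, plus a comment such as `// tm == null: JSSE default trust managers are used`. Requiring the password also skips a configured trust store file that has no password, which is common for stores holding only public certificates; whether `initKeyStore` accepts a null password is not visible here. The enclosing method begins and ends outside this hunk, so how `clientAuth` is applied to the server socket afterwards cannot be checked from these lines.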
  
  
  
