In the class AbstractCrypto I discovered something that could qualify
as a bug when loading the truststore. It seems there is no way to
overload the truststore, i..e. it is always hardcoded to the path:
String cacertsPath = System.getProperty("java.home") +
"/lib/security/cacerts";So if a system has a specialized way of handlign trust-stores, you will run into problems. I am currently developing a system to be deployed on Websphere, which does exactly this. Other systems honor the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword properties, but I find that wss4j does not... Should I file a Jira issue, (and possibly a patch) for this? I see also that it is possible to change the cacerts truststore password with the property "org.apache.ws.security.crypto.merlin.cacerts.password". What is the point of changing the password used to unlock the store, when it is always hardcoded to the default store (just in case I missed something)? Regards, -- \ Olve S. Hansen \ mailto:[EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Bug-in-AbstractCrypto--hardcoded-loading-of-default-java-truststore-tp20739755p20739755.html Sent from the WSS4J mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
