Colm O hEigeartaigh wrote:
>
> Hi Olve,
>
>> Should I file a Jira issue
>
> This is a known bug:
>
> https://issues.apache.org/jira/browse/WSS-84
>

Hm, it is not the same, is it? The reporter here talks about disabling the default keystore, not pointing to an alternative by the use of system-properties.

Colm O hEigeartaigh wrote:
>
>> , (and possibly a patch) for this?
>
> Please do! How about this behaviour in AbstractCrypto:
>
> If the System properties javax.net.ssl.trustStore and
> javax.net.ssl.trustStorePassword are set then use this truststore and do
> not load /lib/security/cacerts. If these properties are not set, then
> see if the user has defined a truststore in the properties file. We
> already have:
>
> org.apache.ws.security.crypto.merlin.cacerts.password
>
> and we need a new tag that corresponds to the location of the
> truststore. Finally, if there are no truststores defined in the
> properties file, then load the default trust store. What do you think?
>

This is about exactly what I already have tested, although I didn't include an option for specifying the org.apache.ws.security.crypto.merlin.cacerts independently, but that is a simple addition I just added.

Here is a patch for this behaviour (hope attachments get through via nabble)...
http://www.nabble.com/file/p20790670/Loosened_up_hard-coded_path_to_default_trust-store.patch

-- Olve

-----
Olve Hansen

View this message in context: http://www.nabble.com/Bug-in-AbstractCrypto--hardcoded-loading-of-default-java-truststore-tp20739755p20790670.html
Sent from the WSS4J mailing list archive at Nabble.com.
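
The lookup order proposed in this message, sketched in Java as an added example (it is not the attached patch and not WSS4J code). The location key `example.truststore.file` is hypothetical, since the thread only says a new tag is needed, and the fallback password `changeit` is the JDK's stock cacerts password, assumed here.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Properties;

public class TrustStoreLookup {
    // Existing key quoted in the thread.
    static final String PROP_PASSWORD = "org.apache.ws.security.crypto.merlin.cacerts.password";
    // Hypothetical key for the trust store location (not a real WSS4J property).
    static final String PROP_LOCATION = "example.truststore.file";
    // Assumption: stock password of the JDK's bundled cacerts file.
    static final String DEFAULT_PASSWORD = "changeit";

    /** Returns {location, password} following the order proposed in the thread. */
    static String[] resolve(Properties sys, Properties crypto) {
        // 1. JVM system properties win, and the default cacerts is not loaded.
        String loc = sys.getProperty("javax.net.ssl.trustStore");
        String pwd = sys.getProperty("javax.net.ssl.trustStorePassword");
        if (loc != null && pwd != null) {
            return new String[] {loc, pwd};
        }
        // 2. Trust store named in the crypto properties file.
        pwd = crypto.getProperty(PROP_PASSWORD, DEFAULT_PASSWORD);
        loc = crypto.getProperty(PROP_LOCATION);
        if (loc != null) {
            return new String[] {loc, pwd};
        }
        // 3. Default trust store shipped with the JRE.
        loc = Paths.get(sys.getProperty("java.home"), "lib", "security", "cacerts").toString();
        return new String[] {loc, pwd};
    }

    /** Loads the chosen store; a missing or unreadable file throws instead of
     *  silently falling back to the default CA set. */
    static KeyStore load(String[] choice) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(choice[0]))) {
            ks.load(in, choice[1].toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        Properties crypto = new Properties(); // constructed: empty crypto properties
        String[] choice = resolve(System.getProperties(), crypto);
        System.out.println("trust store: " + choice[0] + ", entries: " + load(choice).size());
    }
}
```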
