Hi Olve, > Hm, it is not the same, is it? The reporter here talks about disabling the > default keystore, not pointing to an alternative by the use of > system-properties.
Yup, mea culpa. Could you open a new JIRA for this issue? You need to submit the patch in the JIRA and grant Apache the right to use the source code. We also really need to unit test all of the permutations...so if you could at least do some of this that'd be great! Thanks, Colm. -----Original Message----- From: Olve Hansen [mailto:[EMAIL PROTECTED] Sent: 02 December 2008 11:54 To: [email protected] Subject: RE: Bug in AbstractCrypto; hardcoded loading of default java truststore Colm O hEigeartaigh wrote: > > Hi Olve, > >> Should I file a Jira issue > > This is a known bug: > > https://issues.apache.org/jira/browse/WSS-84 > Hm, it is not the same, is it? The reporter here talks about disabling the default keystore, not pointing to an alternative by the use of system-properties. Colm O hEigeartaigh wrote: > > >> , (and possibly a patch) for this? > > Please do! How about this behaviour in AbstractCrypto: > > If the System properties javax.net.ssl.trustStore and > javax.net.ssl.trustStorePassword are set then use this truststore and do > not load /lib/security/cacerts. If these properties are not set, then > see if the user has defined a truststore in the properties file. We > already have: > > org.apache.ws.security.crypto.merlin.cacerts.password > > and we need a new tag that corresponds to the location of the > truststore. Finally, if there are no truststores defined in the > properties file, then load the default trust store. What do you think? > > This is about exactly what I already have tested, although I didn't include an option for specifying the org.apache.ws.security.crypto.merlin.cacerts independantly, but that is a simple addition I just added. Here is a patch for this behaviour (hope attatchements get through via nabble)... http://www.nabble.com/file/p20790670/Loosened_up_hard-coded_path_to_defa ult_trust-store.patch Loosened_up_hard-coded_path_to_default_trust-store.patch -- Olve ----- -- Olve Hansen -- View this message in context: http://www.nabble.com/Bug-in-AbstractCrypto--hardcoded-loading-of-defaul t-java-truststore-tp20739755p20790670.html Sent from the WSS4J mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
