Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-944

truststore path is ignored if provider is not JKS

    XMLWordPrintable

Details

    Description

      truststore configuration ignores the path and relative-to parameters if the truststore provider is anything else than JKS.

      This works as documented, but it is not correct. There can be and are truststore implementations that need to load parameters or whatever data from a file, and the current implementation prevents these truststore providers from working.

      We have a custom truststore that is loaded from database, and database access parameters are read from a properties file. When trying to use this with Wildfly 9, the keystore engineLoad parameter is passed in as null, even though path and relative-to are configured.

      Even standard java supports PKCS12 truststores, where the same problem would occur.

      So I would suggest that

      • if provider is JKS, path is mandatory
      • if provider is not JKS, but path is specified, it is passed to the provider

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-20693 [QA](7.3.z) WFCORE-944 - HTTPSManagementInterfacePKCS12TestCase fails on IBM 1.8 JDK with Invalid keystore format

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-19679 (7.3.z) TlsTestCase#testReloadTrustManager and KeyStoresTestCase tests fail on IBM Java 8

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              rhn-support-rmartinc Ricardo Martin Camarero
              armihu Arto Huusko (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: