Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 98167 invoked from network); 2 Nov 2006 18:52:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 2 Nov 2006 18:52:41 -0000 Received: (qmail 4380 invoked by uid 500); 2 Nov 2006 18:52:49 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 4349 invoked by uid 500); 2 Nov 2006 18:52:49 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 4338 invoked by uid 99); 2 Nov 2006 18:52:49 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 02 Nov 2006 10:52:49 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 02 Nov 2006 10:52:37 -0800 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 25ED27142C3 for ; Thu, 2 Nov 2006 10:52:17 -0800 (PST) Message-ID: <8309889.1162493537142.JavaMail.root@brutus> Date: Thu, 2 Nov 2006 10:52:17 -0800 (PST) From: "Vamsavardhana Reddy (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Closed: (GERONIMO-2443) Import CA reply should match the public key in the keystore with that in the certificate from CA. In-Reply-To: <4798287.1159458770036.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ http://issues.apache.org/jira/browse/GERONIMO-2443?page=all ] Vamsavardhana Reddy closed GERONIMO-2443. ----------------------------------------- Resolution: Fixed Fixed. Rev 470461 (trunk) and Rev 470470 (branches\1.1) > Import CA reply should match the public key in the keystore with that in the certificate from CA. > ------------------------------------------------------------------------------------------------- > > Key: GERONIMO-2443 > URL: http://issues.apache.org/jira/browse/GERONIMO-2443 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: security > Affects Versions: 1.2, 1.1.1 > Environment: G1.1.1 > Reporter: Vamsavardhana Reddy > Fix For: 1.1.2, 1.2 > > Attachments: GERONIMO-2443-v1.2.patch > > > While importing CA reply into the keystore, the public key in the certificate issued by the CA should be matched with the public key that is currently in the keystore. java.securtiy.KeyStore.setKeyEntry does not complain if the privateKey and the publicKey in the certificate are not related An accidental import of a certificate corresponding to one public key along with an unrelated private key renders the key pair useless and results in errors while using the certificate. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira