tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: truststoreFile vs javax.net.ssl.trustStore
Date Thu, 12 Aug 2010 18:18:23 GMT

Estani,

On 8/12/2010 3:47 AM, Estanislao Gonzalez wrote:
> If I set both truststoreFile and javax.net.ssl.trustStore, which one is
> being honored? The documentation is not clear to me:

> "The trust store file to use to validate client certificates. The
> default is the value of the |javax.net.ssl.trustStore| system property.
> If neither this attribute nor the default system property is set, no
> trust store will be configured."
> 
> "The default" as in "if nothing else is found" or "if set"?

I think this might be a language problem. I believe the code would look
something like this, which might be easier to understand:

String trustStoreFile = connector.getTrustStoreFile();

if(null == trustStoreFile)
  trustStoreFile = System.getProperty("javax.net.ssl.trustStore");

if(null != trustStoreFile)
{
  // Use the trustStoreFile
}
else
{
  // No trustStoreFile
}

> I have a truststoreFile set (which is read), but the validation is made
> against Java's own jssecacerts or cacerts files; the one from the
> truststoreFile is only used if explicitly mentioned in
> javax.net.ssl.trustStore, no matter what.

Please post your configuration, and a "keystore -list" for the
truststore you are trying to use.

-chris
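
As an added illustration (not part of the original message and not Tomcat's own code), the diagnostic below applies the precedence sketched in the message and lists the entries of the store it resolves to, so the trusted CAs can be compared with the ones actually being used for client certificate validation. The class name, the argument order and the `changeit` default password are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class EffectiveTrustStore {   // hypothetical helper, not a Tomcat class
    // Precedence as sketched in the message: the connector attribute wins,
    // otherwise the javax.net.ssl.trustStore system property, otherwise null.
    static String resolve(String connectorAttr) {
        return connectorAttr != null ? connectorAttr
                : System.getProperty("javax.net.ssl.trustStore");
    }

    // Where the JVM's default trust manager looks when the property is unset:
    // jssecacerts if it exists, otherwise cacerts.
    static File jsseDefault() {
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jssecacerts = new File(dir, "jssecacerts");
        return jssecacerts.exists() ? jssecacerts : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        // args[0]: truststoreFile value copied from server.xml (optional)
        // args[1]: store password (optional; "changeit" is an assumed default)
        String attr = args.length > 0 ? args[0] : null;
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String resolved = resolve(attr);
        // With neither value set the connector has no trust store; the JVM
        // default is listed only for comparison.
        File store = resolved != null ? new File(resolved) : jsseDefault();
        System.out.println("truststoreFile attribute : " + attr);
        System.out.println("javax.net.ssl.trustStore : " + System.getProperty("javax.net.ssl.trustStore"));
        System.out.println("store listed             : " + store.getAbsolutePath());

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, pass);
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName() : String.valueOf(c);
            System.out.println((ks.isCertificateEntry(alias) ? "trusted " : "other   ") + alias + " -> " + subject);
        }
    }
}
```

Run it with the same `-Djavax.net.ssl.trustStore=...` setting (or lack of one) as the Tomcat JVM so the system property branch matches the server's environment.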
