ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Olve Hansen <olv...@gmail.com>
Subject Bug in AbstractCrypto; hardcoded loading of default java truststore
Date Fri, 28 Nov 2008 19:52:09 GMT

In the class AbstractCrypto I discovered something that could qualify
as a bug when loading the truststore. It seems there is no way to
overload the truststore, i..e. it is always hardcoded to the path:
String cacertsPath = System.getProperty("java.home") +
"/lib/security/cacerts";

So if a system has a specialized way of handlign trust-stores, you
will run into problems. I am currently developing a system to be
deployed on Websphere, which does exactly this.

Other systems honor the javax.net.ssl.trustStore and
javax.net.ssl.trustStorePassword properties, but I find that wss4j
does not...

Should I file a Jira issue, (and possibly a patch) for this? I see
also that it is possible to change the cacerts truststore password
with the property
"org.apache.ws.security.crypto.merlin.cacerts.password". What is the
point of changing the password used to unlock the store, when it is
always hardcoded to the default store (just in case I missed
something)?

Regards,
--
 \ Olve S. Hansen
 \ mailto:olvesh@gmail.com
-- 
View this message in context: http://www.nabble.com/Bug-in-AbstractCrypto--hardcoded-loading-of-default-java-truststore-tp20739755p20739755.html
Sent from the WSS4J mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message