tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 57759] Clarify keyAlias definition to reduce likelihood of readers making invalid assumptions
Date Sat, 28 Mar 2015 15:30:13 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=57759

Mark Thomas <markt@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement
            Summary|keyAlias definition is      |Clarify keyAlias definition
                   |incorrect, does not appear  |to reduce likelihood of
                   |to work properly            |readers making invalid
                   |                            |assumptions

--- Comment #1 from Mark Thomas <markt@apache.org> ---
(In reply to Andrew Lane Carr from comment #0)
> keyAlias Definition from: 
> 
> https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
> 
> The alias used to for the server certificate in the keystore. If not
> specified the first key read in the keystore will be used.
> 
> Wouldn't this lead you to believe if no alias is specified it will use the
> first key in the keystore?

No. The documentation states the first key read from the keystore is used. It
makes no statements regarding the relationship between the order the keys were
added to the store, the order the keys are stored in the store (if such a
concept makes sense - depening on the keystore it may not) and the order the
keys are read from the keystore. All of which will depend on the
implementation.

We can add a note to the documentation to clarify the above to reduce the
chances of future users making such invalid assumptions.

Generally, unless there is only a single key in the key store, it is advisable
to specify an alias. This advice can be added to the docs as well.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message