Details

    • Type: Improvement Improvement
    • Status: Closed Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 6.0.0beta17
    • Fix Version/s: 6.0.0rc1, 6.0.0
    • Component/s: Security and SSL
    • Labels:
      None
    • Number of attachments :
      1

      Description

      Suggested by David Smiley:

      > See: SslSocketConnector.createFactory()
      > #1. You are differentiating "password" from "keypassword" but I believe
      > they should always be the same. No?
      > #1.5 if any of the passwords, are null, Jetty ends up throwing a NPE
      > instead of something better/nicer.
      > #2. It would be nice if Jetty could configure the TrustManager just as
      > it is doing so for the KeyManager. I am forced to do this globally now
      > via system properties.
      > #3. While we're at it, why not make the random implementation
      > configurable too?

        Activity

        Hide
        Greg Wilkins added a comment -

        Anders - use JETTY-3 to raise issues about the SslSelectChannelConnector.

        It is a work in progres.... I have not seen this NPE, but I have not run the latest patch very much.

        Show
        Greg Wilkins added a comment - Anders - use JETTY-3 to raise issues about the SslSelectChannelConnector. It is a work in progres.... I have not seen this NPE, but I have not run the latest patch very much.
        Hide
        nik gonzalez added a comment -

        Greg,

        found this on the jsse reference guide :

        "A newly-created SSLContext should be initialized by calling the init method:

        public void init(KeyManager[] km, TrustManager[] tm,
        SecureRandom random);

        If the KeyManager[] paramater is null, then an empty KeyManager will be defined for this context. If the TrustManager[] parameter is null, the installed security providers will be searched for the highest-priority implementation of the TrustManagerFactory, from which an appropriate TrustManager will be obtained. Likewise, the SecureRandom parameter may be null, in which case a default implementation will be used. "

        Show
        nik gonzalez added a comment - Greg, found this on the jsse reference guide : "A newly-created SSLContext should be initialized by calling the init method: public void init(KeyManager[] km, TrustManager[] tm, SecureRandom random); If the KeyManager[] paramater is null, then an empty KeyManager will be defined for this context. If the TrustManager[] parameter is null, the installed security providers will be searched for the highest-priority implementation of the TrustManagerFactory, from which an appropriate TrustManager will be obtained. Likewise, the SecureRandom parameter may be null, in which case a default implementation will be used. "
        Hide
        Greg Wilkins added a comment -

        Great,

        then we should be able to allow both Key and Trust Managers to be used if a key store has not been set for them.
        (I think I have the code so the trustmanager will default to the keystore - which is wrong).

        Can you also allow for an optional SecureRandom instance to be set and passed to the context .

        cheers

        Show
        Greg Wilkins added a comment - Great, then we should be able to allow both Key and Trust Managers to be used if a key store has not been set for them. (I think I have the code so the trustmanager will default to the keystore - which is wrong). Can you also allow for an optional SecureRandom instance to be set and passed to the context . cheers
        Hide
        Jan Bartel added a comment -

        Nik,

        What is the status of this issue? Can it be closed yet?

        Show
        Jan Bartel added a comment - Nik, What is the status of this issue? Can it be closed yet?
        Hide
        nik gonzalez added a comment -

        Jan,

        Its been fixed already. Now closing this issue.

        Thanks!
        Nik

        Show
        nik gonzalez added a comment - Jan, Its been fixed already. Now closing this issue. Thanks! Nik

          People

          • Assignee:
            nik gonzalez
            Reporter:
            Greg Wilkins
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: