On 19/08/2014 07:16, jean-frederic clere wrote: > On 08/18/2014 08:21 PM, Konstantin Kolinko wrote: >> 2014-08-18 20:14 GMT+04:00 <jfcl...@apache.org>: >>> Author: jfclere >>> Date: Mon Aug 18 16:14:30 2014 >>> New Revision: 1618650 >>> >>> URL: http://svn.apache.org/r1618650 >>> Log: >>> Allow to use MS Windows keystore. >>> submitted by ehsavoie (Emmanuel Hugonnet <ehugo...@redhat.com>). >>> >>> Modified: >>> tomcat/trunk/build.properties.default >>> >>> tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java >>> >> >> 1. Documentation =?, >> 2. I think this is already configurable by setting keystoreFile="" and >> truststoreFile="" on a <Connector>. > > If someone uses the MS Windows keystore the keystore and the truststore > file(s) needs to be "".
That doesn't really answer Konstantin's point 2. To put it another way, it has been possible to use the MSWindows keystore since 7.0.51 so the svn log message is not correct. Do you plan to address the other points Konstantin raised? Mark > Cheers > > Jean-Frederic > >> >> See >> https://issues.apache.org/bugzilla/show_bug.cgi?id=56021 >> http://svn.apache.org/r1559573 >> http://svn.apache.org/r1559575 >> >> Tomcat 7.0.51 changelog says: >> <add> >> <bug>56021</bug>: Make it possible to use the Windows-MY key >> store with >> the BIO and NIO connectors for SSL configuration. It requires a >> <code>keystoreFile="" >> keystoreType="Windows-My"</code> >> to be set on the connector. Based on a patch provided by >> Asanka. (markt) >> </add> >> >> 3. In issue 56021 the keystoreType was spelled "Windows-My". Why are >> you spelling it as "Windows-MY"? >> >> 4. Changelog = ? >> 5. I reverted the change to build.properties.default >> >> Best regards, >> Konstantin Kolinko >> >>> Modified: tomcat/trunk/build.properties.default >>> URL: >>> http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=1618650&r1=1618649&r2=1618650&view=diff >>> >>> ============================================================================== >>> >>> --- tomcat/trunk/build.properties.default (original) >>> +++ tomcat/trunk/build.properties.default Mon Aug 18 16:14:30 2014 >>> @@ -238,3 +238,4 @@ cobertura.loc=${base-sf.loc}/cobertura/c >>> >>> # ----- JVM settings for unit tests >>> java.net.preferIPv4Stack=false >>> +test.entry=org.apache.tomcat.util.net.TestSsl >>> >>> Modified: >>> tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java >>> URL: >>> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1618650&r1=1618649&r2=1618650&view=diff >>> >>> ============================================================================== >>> >>> --- >>> tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java >>> (original) >>> +++ >>> tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java >>> Mon Aug 18 16:14:30 2014 >>> @@ -295,6 +295,8 @@ public class JSSESocketFactory implement >>> String keystoreFile = endpoint.getKeystoreFile(); >>> if (keystoreFile == null) >>> keystoreFile = defaultKeystoreFile; >>> + if("Windows-MY".equals(type)) Any reason not to make this a case insensitive comparison? >>> + keystoreFile = ""; >>> return getStore(type, provider, keystoreFile, pass); >>> } >>> @@ -310,6 +312,8 @@ public class JSSESocketFactory implement >>> if(truststoreFile == null) { >>> truststoreFile = >>> System.getProperty("javax.net.ssl.trustStore"); >>> } >>> + if("Windows-ROOT".equals(keystoreType)) Same here. >>> + truststoreFile = ""; >>> if(log.isDebugEnabled()) { >>> log.debug("Truststore = " + truststoreFile); >>> } >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: dev-h...@tomcat.apache.org >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
