Add alias property in KeyStore options for net/http servers #3933
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes eclipse-vertx#3926 This can be useful if users don't control the JKS file and it contains multiple entries. In this case, the SSL engine chooses the first one by default but it might not what the user expects. Signed-off-by: Thomas Segismont <[email protected]>
vietj
reviewed
May 19, 2021
|
I think we can avoid it since, the user simply should not set an alias on a
client JKS options
…On Wed, May 19, 2021 at 3:56 PM Thomas Segismont ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In src/main/java/io/vertx/core/net/KeyCertOptions.java
<#3933 (comment)>:
> @@ -39,6 +39,17 @@
*/
KeyManagerFactory getKeyManagerFactory(Vertx vertx) throws Exception;
+ /**
+ * Like ***@***.*** #getKeyManagerFactory}, except the underlying keystore can be filtered.
+ * <p>
+ * This should be called only when creating a ***@***.*** KeyManagerFactory} for a TCP or HTTP server.
+ *
+ * @param vertx the vertx instance
+ * @return the key manager factory
+ * @see JksOptions#setAlias(String)
+ */
+ KeyManagerFactory getKeyManagerFactory(Vertx vertx, boolean filter) throws Exception;
Yes
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub
<#3933 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABXDCTOCDSH2AQREAFGAG3TOO7SFANCNFSM45EWQSYQ>
.
|
Then we don't need to overload keystore loading methods Signed-off-by: Thomas Segismont <[email protected]>
|
Done
… |
|
shouldn't this option also apply to keystore in general ? e.g it should work too for |
|
@tsegismont can you make this option generic for any |
Signed-off-by: Thomas Segismont <[email protected]>
|
@vietj PTAL |
tsegismont
changed the title
Signed-off-by: Thomas Segismont <[email protected]>
|
I think we are missing in |
|
@vietj I think I made them valid for the next 100 years ;-) But point taken. |
Signed-off-by: Thomas Segismont <[email protected]>
|
@vietj done |
|
waiting for CI green light and then we can merge this |
vietj
approved these changes
May 20, 2021
tsegismont
added a commit
to tsegismont/vert.x
that referenced
this pull request
Jun 22, 2021
Fixes eclipse-vertx#3970 In eclipse-vertx#3933 we added an alias property to keystore options that allows to choose a keystore entry when there are several instead of letting the JVM selecting the first one. This is a follow-up change that allows to specify a password for the alias when it is different than the store's password. Signed-off-by: Thomas Segismont <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #3926
This can be useful if users don't control the JKS file and it contains
multiple entries.
In this case, the SSL engine chooses the first one by default but it
might not be what the user expects.