Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allows the HTTP server to use PEM truststore #39106

Merged
merged 1 commit into from
Mar 4, 2024
Merged

Allows the HTTP server to use PEM truststore #39106

merged 1 commit into from
Mar 4, 2024

Conversation

cescoffier
Copy link
Member

Previously, configuring the truststore with PEM files for mTLS (mutual TLS) usage was not supported, limiting options to JKS and P12 formats. This commit addresses this limitation by introducing support for PEM truststores in the HTTP server configuration.

Additionally, this commit accomplishes the following tasks:

  • Removes hand-crafted certificates.
  • Fixes issues related to alias passwords.
  • Deprecates the usage of "key" properties, replacing them with "alias" properties for clarity and consistency.

@cescoffier cescoffier requested a review from sberyozkin March 1, 2024 11:45
@quarkus-bot quarkus-bot bot added area/dependencies Pull requests that update a dependency file area/vertx labels Mar 1, 2024
sberyozkin
sberyozkin approved these changes Mar 1, 2024
View reviewed changes
Copy link
Member

@sberyozkin sberyozkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice clean up, LGTM.

Have you already documented the @Certificates option ? I suppose may be it is better wait till the project is hosted somewhere in the Quarkus space ?

@cescoffier
Copy link
Member Author

@sberyozkin the documentation is on https://github.com/cescoffier/certificate-generator until we move it.

@quarkus-bot quarkus-bot

This comment has been minimized.

Sign in to view
@sberyozkin
Copy link
Member

The BC JSSE test failure is likely related as it uses the cred provider

@cescoffier
Copy link
Member Author

Yes, I had to change a few things in the credential provider support. I will have a look on Monday.

@cescoffier
Allows the HTTP server to use PEM truststore
0fddc50 
Previously, configuring the truststore with PEM files for mTLS (mutual TLS) usage was not supported, limiting options to JKS and P12 formats. This commit addresses this limitation by introducing support for PEM truststores in the HTTP server configuration.

Additionally, this commit accomplishes the following tasks:

- Removes hand-crafted certificates.
- Fixes issues related to alias passwords.
- Deprecates the usage of "key" properties, replacing them with "alias" properties for clarity and consistency.
@cescoffier cescoffier force-pushed the vertx-http-pem-truststore branch from 69294a2 to 0fddc50 Compare March 3, 2024 14:27
@cescoffier
Copy link
Member Author

@sberyozkin it should be fixed now - was a bug in the new code.

@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Mar 3, 2024

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 0fddc50.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

@cescoffier cescoffier merged commit 23b87f6 into quarkusio:main Mar 4, 2024
49 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.9 - main milestone Mar 4, 2024
@cescoffier cescoffier deleted the vertx-http-pem-truststore branch March 4, 2024 07:42
This was referenced Mar 4, 2024
Closed
Merged
@gtroitsk gtroitsk mentioned this pull request Mar 6, 2024
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sberyozkin sberyozkin sberyozkin approved these changes

Assignees
No one assigned
Labels
area/dependencies Pull requests that update a dependency file area/vertx triage/flaky-test
Projects
None yet
Milestone
3.9.0.CR1
Development

Successfully merging this pull request may close these issues.
2 participants
@cescoffier @sberyozkin