[
https://issues.apache.org/jira/browse/CXF-666?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Polar Humenn updated CXF-666:
-----------------------------
Attachment: CXF-666.patch
This patch handles the following
CXF-661, CXF-666, CXF-672
o All TLS Configuration is revamped for both programmatic
and Spring Configuration. New configuration
elements for are in:
cxf-common-schemas security.xsd
cxf-transports-http http-conf.xsd http-listener.xsd
for <conduit>, <destination>, <listener>
p I was careful to keep old style configuration working, and it
can easily be removed. (Almost) Everything that uses it has been
annotated with @Deprecated
o There were a number of issues with the old configuration,
such as you couldn't configure a conduit or destination
to use a KeyStore without it going to a file. Still the
case with old config, but not with the new.
o Fixes issue complained about on the list of having the
parameters have to be in sequence when schema validation
is used. A <xs:all> is now employeed instead of <xs:sequence>
o Moving to Jetty 6.1.3 caused problems with old
configuration because the trust store required a password.
This has been fixed with the old configuration,
but new configuration is still preferred.
o Upgrade to Jetty 6.1.3
> SSL Programtic and Spring Configuration and Jetty upgrade to 6.1.3
> ------------------------------------------------------------------
>
> Key: CXF-666
> URL: https://issues.apache.org/jira/browse/CXF-666
> Project: CXF
> Issue Type: Improvement
> Components: Configuration, Transports
> Affects Versions: 2.1
> Reporter: Polar Humenn
> Attachments: CXF-666.patch
>
>
> The SSL Configuration needs some improvement to give us more handing of the
> JSSE components, both programatically and in Spring configuration. A proposal
> to change the configuration so that we may place KeyManagers, and
> TrustManagers to be both spring configured as well as programatically
> configured. Also to remove certain configuration things, such as
> MaxChainLength, that are are not supported and unimplemented as they may be
> performed by other things such as interceptors and trust deciders. This will
> allow us to upgrade to Jetty 6.1.3 as well.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
