[jira] [Work logged] (KNOX-2434) Knox should fallback to JDK default keystore/truststore type instead of hardcoding JKS

Thu, 30 Jul 2020 12:51:14 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-2434?focusedWorklogId=464711&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-464711
 ]

ASF GitHub Bot logged work on KNOX-2434:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 30/Jul/20 19:50
            Start Date: 30/Jul/20 19:50
    Worklog Time Spent: 10m 
      Work Description: risdenk opened a new pull request #366:
URL: https://github.com/apache/knox/pull/366


   ## What changes were proposed in this pull request?
   
   Replace hardcoded `JKS` with `KeyStore.getDefaultType()`
   
   ## How was this patch tested?
   
   * `mvn -U -T.75C clean verify -Ppackage,release -Dshellcheck`
   * Check that this fixes FIPS crypto when default keystore configured at JDK 
level


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

            Worklog Id:     (was: 464711)
    Remaining Estimate: 0h
            Time Spent: 10m

> Knox should fallback to JDK default keystore/truststore type instead of 
> hardcoding JKS
> --------------------------------------------------------------------------------------
>
>                 Key: KNOX-2434
>                 URL: https://issues.apache.org/jira/browse/KNOX-2434
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 1.4.0
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Major
>             Fix For: 1.5.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently Knox has a few configuration options for overriding the 
> keystore/truststore type and if these are not specified it falls back to 
> hardcoded "JKS". This should fallback instead of the JDK default configured 
> keystore/truststore type. This will cause issues when an administrator wants 
> to control the keystore type globally at the JDK level. This happens when 
> doing FIPS crypto modules.
> It would be better to use KeyStore.getDefaultType() instead of hardcoding JKS.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to