Thinking of LOG4J2-1896, how does Apache HttpCore obtain the keystore password? I wonder what other projects do to avoid putting a plaintext password in the configuration.
(Shameless plug) Every java main() method deserves http://picocli.info > On May 8, 2017, at 8:41, Gary Gregory <[email protected]> wrote: > > Note: Apache HttpCore let's you do this through a TrustStrategy. But I am > not suggesting we use HC, only that we consider a similar feature for 2.9. > > G > > > Gary > >> On May 7, 2017 3:06 PM, "Gary Gregory" <[email protected]> wrote: >> >> You have to plug in a custom trust manager into an SSL context. We do not >> allow for that in our config. We could ship a TM that does that and logs a >> "not for production" warning. >> >> Gary >> >>> On May 7, 2017 2:26 PM, "Matt Sicker" <[email protected]> wrote: >>> >>> You can import the self signed certificate into a key store and configure >>> that in the socket appender. I'm not sure if the SSL code in Java lets you >>> just blindly accept all self-signed certificates. >>> >>>> On 6 May 2017 at 23:21, Gary Gregory <[email protected]> wrote: >>>> >>>> Hi all, >>>> >>>> I do not see a way to configure SSL with out socket appenders to accept >>>> self-signed certificates (handy if not essential during development). >>>> >>>> Am I missing something? >>>> >>>> Gary >>>> >>>> -- >>>> E-Mail: [email protected] | [email protected] >>>> Java Persistence with Hibernate, Second Edition >>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_ >>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459& >>>> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b >>> 1af9fe6a2b8> >>>> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a= >>>> 1617290459> >>>> JUnit in Action, Second Edition >>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_ >>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021& >>>> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac >>> 902a24de418%22 >>>>> >>>> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a= >>>> 1935182021> >>>> Spring Batch in Action >>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_ >>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951& >>>> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B% >>>> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a= >>>> 1935182951> >>>> Blog: http://garygregory.wordpress.com >>>> Home: http://garygregory.com/ >>>> Tweet! http://twitter.com/GaryGregory >>>> >>> >>> >>> >>> -- >>> Matt Sicker <[email protected]> >>> >>
