On Sun, May 7, 2017 at 4:52 PM, Remko Popma <[email protected]> wrote:
> Thinking of LOG4J2-1896, how does Apache HttpCore obtain the keystore > password? I wonder what other projects do to avoid putting a plaintext > password in the configuration. > You pass it as a char[] to the API. Remember, HC is a just an API. It might look at sys props under certain set ups IIRC. Gary > > > > (Shameless plug) Every java main() method deserves http://picocli.info > > > On May 8, 2017, at 8:41, Gary Gregory <[email protected]> wrote: > > > > Note: Apache HttpCore let's you do this through a TrustStrategy. But I am > > not suggesting we use HC, only that we consider a similar feature for > 2.9. > > > > G > > > > > > Gary > > > >> On May 7, 2017 3:06 PM, "Gary Gregory" <[email protected]> wrote: > >> > >> You have to plug in a custom trust manager into an SSL context. We do > not > >> allow for that in our config. We could ship a TM that does that and > logs a > >> "not for production" warning. > >> > >> Gary > >> > >>> On May 7, 2017 2:26 PM, "Matt Sicker" <[email protected]> wrote: > >>> > >>> You can import the self signed certificate into a key store and > configure > >>> that in the socket appender. I'm not sure if the SSL code in Java lets > you > >>> just blindly accept all self-signed certificates. > >>> > >>>> On 6 May 2017 at 23:21, Gary Gregory <[email protected]> wrote: > >>>> > >>>> Hi all, > >>>> > >>>> I do not see a way to configure SSL with out socket appenders to > accept > >>>> self-signed certificates (handy if not essential during development). > >>>> > >>>> Am I missing something? > >>>> > >>>> Gary > >>>> > >>>> -- > >>>> E-Mail: [email protected] | [email protected] > >>>> Java Persistence with Hibernate, Second Edition > >>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_ > >>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459& > >>>> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b > >>> 1af9fe6a2b8> > >>>> > >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t= > garygregory-20&l=am2&o=1&a= > >>>> 1617290459> > >>>> JUnit in Action, Second Edition > >>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_ > >>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021& > >>>> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac > >>> 902a24de418%22 > >>>>> > >>>> > >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t= > garygregory-20&l=am2&o=1&a= > >>>> 1935182021> > >>>> Spring Batch in Action > >>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_ > >>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951& > >>>> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B% > >>>> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action> > >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t= > garygregory-20&l=am2&o=1&a= > >>>> 1935182951> > >>>> Blog: http://garygregory.wordpress.com > >>>> Home: http://garygregory.com/ > >>>> Tweet! http://twitter.com/GaryGregory > >>>> > >>> > >>> > >>> > >>> -- > >>> Matt Sicker <[email protected]> > >>> > >> > -- E-Mail: [email protected] | [email protected] Java Persistence with Hibernate, Second Edition <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459> JUnit in Action, Second Edition <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021> Spring Batch in Action <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951> Blog: http://garygregory.wordpress.com Home: http://garygregory.com/ Tweet! http://twitter.com/GaryGregory
