On Sun, May 7, 2017 at 5:28 PM, Gary Gregory <[email protected]> wrote:
> On Sun, May 7, 2017 at 4:52 PM, Remko Popma <[email protected]> wrote: > >> Thinking of LOG4J2-1896, how does Apache HttpCore obtain the keystore >> password? I wonder what other projects do to avoid putting a plaintext >> password in the configuration. >> > > You pass it as a char[] to the API. Remember, HC is a just an API. It > might look at sys props under certain set ups IIRC. > See https://hc.apache.org/httpcomponents-core-4.4.x/httpcore/apidocs/org/apache/http/ssl/SSLContextBuilder.html Gary > > Gary > >> >> >> >> (Shameless plug) Every java main() method deserves http://picocli.info >> >> > On May 8, 2017, at 8:41, Gary Gregory <[email protected]> wrote: >> > >> > Note: Apache HttpCore let's you do this through a TrustStrategy. But I >> am >> > not suggesting we use HC, only that we consider a similar feature for >> 2.9. >> > >> > G >> > >> > >> > Gary >> > >> >> On May 7, 2017 3:06 PM, "Gary Gregory" <[email protected]> wrote: >> >> >> >> You have to plug in a custom trust manager into an SSL context. We do >> not >> >> allow for that in our config. We could ship a TM that does that and >> logs a >> >> "not for production" warning. >> >> >> >> Gary >> >> >> >>> On May 7, 2017 2:26 PM, "Matt Sicker" <[email protected]> wrote: >> >>> >> >>> You can import the self signed certificate into a key store and >> configure >> >>> that in the socket appender. I'm not sure if the SSL code in Java >> lets you >> >>> just blindly accept all self-signed certificates. >> >>> >> >>>> On 6 May 2017 at 23:21, Gary Gregory <[email protected]> wrote: >> >>>> >> >>>> Hi all, >> >>>> >> >>>> I do not see a way to configure SSL with out socket appenders to >> accept >> >>>> self-signed certificates (handy if not essential during development). >> >>>> >> >>>> Am I missing something? >> >>>> >> >>>> Gary >> >>>> >> >>>> -- >> >>>> E-Mail: [email protected] | [email protected] >> >>>> Java Persistence with Hibernate, Second Edition >> >>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_ >> >>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459& >> >>>> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b >> >>> 1af9fe6a2b8> >> >>>> >> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l= >> am2&o=1&a= >> >>>> 1617290459> >> >>>> JUnit in Action, Second Edition >> >>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_ >> >>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021& >> >>>> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac >> >>> 902a24de418%22 >> >>>>> >> >>>> >> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l= >> am2&o=1&a= >> >>>> 1935182021> >> >>>> Spring Batch in Action >> >>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_ >> >>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951& >> >>>> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B% >> >>>> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action> >> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l= >> am2&o=1&a= >> >>>> 1935182951> >> >>>> Blog: http://garygregory.wordpress.com >> >>>> Home: http://garygregory.com/ >> >>>> Tweet! http://twitter.com/GaryGregory >> >>>> >> >>> >> >>> >> >>> >> >>> -- >> >>> Matt Sicker <[email protected]> >> >>> >> >> >> > > > > -- > E-Mail: [email protected] | [email protected] > Java Persistence with Hibernate, Second Edition > <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8> > > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459> > JUnit in Action, Second Edition > <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22> > > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021> > Spring Batch in Action > <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951> > Blog: http://garygregory.wordpress.com > Home: http://garygregory.com/ > Tweet! http://twitter.com/GaryGregory > -- E-Mail: [email protected] | [email protected] Java Persistence with Hibernate, Second Edition <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459> JUnit in Action, Second Edition <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021> Spring Batch in Action <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951> Blog: http://garygregory.wordpress.com Home: http://garygregory.com/ Tweet! http://twitter.com/GaryGregory
