[
https://issues.apache.org/jira/browse/LOG4J2-2054?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Remko Popma updated LOG4J2-2054:
--------------------------------
Description:
Following up on LOG4J2-1896, currently SecureSocketAppender can only be
configured by specifying the passwords to the trust store and the key store in
plain text in the log4j 2 configuration file.
Provide alternative configurations that obtain the password from different
sources, for example:
* system environment variable
* file
Example configuration:
{noformat}
<Appenders>
  <Socket name="socket" host="localhost"
          port="${sys:SecureSocketAppenderSocketOptionsTest.port}" protocol="SSL"
          ignoreExceptions="false">
    <JsonLayout properties="true"/>
    <Ssl>
      <KeyStore
          location="src/test/resources/org/apache/logging/log4j/core/net/ssl/client.log4j2-keystore.jks"
          passwordEnvironmentVariable="KEYSTORE_PASSWORD" type="JKS" />
      <TrustStore
          location="src/test/resources/org/apache/logging/log4j/core/net/ssl/truststore.jks"
          passwordFile="${sys:user.home}/truststore.pwd" type="JKS" />
    </Ssl>
  </Socket>
</Appenders>
{noformat}
was:
Following up on LOG4J2-1896, currently SecureSocketAppender can only be
configured by specifying the passwords to the trust store and the key store in
plain text in the log4j 2 configuration file.
Provide alternative configurations that obtain the password from different
sources, for example:
* system environment variable
* file
Example configuration:
{noformat}
<Appenders>
  <Socket name="socket" host="localhost"
          port="${sys:SecureSocketAppenderSocketOptionsTest.port}" protocol="SSL"
          ignoreExceptions="false">
    <JsonLayout properties="true"/>
    <SocketOptions keepAlive="false" receiveBufferSize="10000"
                   reuseAddress="false" rfc1349TrafficClass="IPTOS_LOWCOST"
                   sendBufferSize="8000" soLinger="12345" soTimeout="54321"
                   tcpNoDelay="false">
      <SocketPerformancePreferences bandwidth="100" connectionTime="100"
                                    latency="100" />
    </SocketOptions>
    <Ssl>
      <KeyStore
          location="src/test/resources/org/apache/logging/log4j/core/net/ssl/client.log4j2-keystore.jks"
          passwordEnvironmentVariable="KEYSTORE_PASSWORD" type="JKS" />
      <TrustStore
          location="src/test/resources/org/apache/logging/log4j/core/net/ssl/truststore.jks"
          passwordFile="${sys:user.home}/truststore.pwd" type="JKS" />
    </Ssl>
  </Socket>
</Appenders>
{noformat}
> Provide ways to configure SSL that avoid plain-text passwords in the log4j
> configuration
> ----------------------------------------------------------------------------------------
>
> Key: LOG4J2-2054
> URL: https://issues.apache.org/jira/browse/LOG4J2-2054
> Project: Log4j 2
> Issue Type: Improvement
> Components: Appenders
> Affects Versions: 2.9.1
> Reporter: Remko Popma
> Assignee: Remko Popma
> Fix For: 2.10.0
>
>
> Following up on LOG4J2-1896, currently SecureSocketAppender can only be
> configured by specifying the passwords to the trust store and the key store
> in plain text in the log4j 2 configuration file.
> Provide alternative configurations that obtain the password from different
> sources, for example:
> * system environment variable
> * file
> Example configuration:
> {noformat}
> <Appenders>
>   <Socket name="socket" host="localhost"
>           port="${sys:SecureSocketAppenderSocketOptionsTest.port}" protocol="SSL"
>           ignoreExceptions="false">
>     <JsonLayout properties="true"/>
>     <Ssl>
>       <KeyStore
>           location="src/test/resources/org/apache/logging/log4j/core/net/ssl/client.log4j2-keystore.jks"
>           passwordEnvironmentVariable="KEYSTORE_PASSWORD" type="JKS" />
>       <TrustStore
>           location="src/test/resources/org/apache/logging/log4j/core/net/ssl/truststore.jks"
>           passwordFile="${sys:user.home}/truststore.pwd" type="JKS" />
>     </Ssl>
>   </Socket>
> </Appenders>
> {noformat}
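A configuration check to go with the request above, as an added example that is not part of the issue or of Log4j: it parses a Log4j 2 XML configuration and reports, for each KeyStore and TrustStore element, whether the password comes from the inline `password` attribute or from one of the two attributes proposed in the issue. The sample configuration (port, file names, password value) is constructed, and the verdict names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the KeyStore uses the plain-text `password` attribute,
# the TrustStore uses an attribute proposed in LOG4J2-2054.
SAMPLE_CONFIG = """\
<Configuration>
  <Appenders>
    <Socket name="socket" host="localhost" port="6514" protocol="SSL">
      <Ssl>
        <KeyStore location="client.jks" password="changeit" type="JKS"/>
        <TrustStore location="truststore.jks"
                    passwordFile="${sys:user.home}/truststore.pwd" type="JKS"/>
      </Ssl>
    </Socket>
  </Appenders>
</Configuration>
"""

STORE_ELEMENTS = {"KeyStore", "TrustStore"}
EXTERNAL_SOURCES = ("passwordEnvironmentVariable", "passwordFile")


def audit_store_passwords(config_xml):
    """Return (element, location, verdict) for every KeyStore/TrustStore."""
    findings = []
    for elem in ET.fromstring(config_xml).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop an XML namespace if present
        if tag not in STORE_ELEMENTS:
            continue
        sources = [a for a in ("password",) + EXTERNAL_SOURCES if a in elem.attrib]
        if "password" in sources:
            verdict = "plaintext"        # secret is readable in the config file
        elif len(sources) > 1:
            verdict = "ambiguous"        # two external sources on one store
        elif sources:
            verdict = sources[0]         # exactly one external source
        else:
            verdict = "no-password"
        findings.append((tag, elem.get("location", ""), verdict))
    return findings


def plaintext_stores(config_xml):
    """Only the stores whose password is written in the configuration."""
    return [f for f in audit_store_passwords(config_xml) if f[2] == "plaintext"]


if __name__ == "__main__":
    for tag, location, verdict in audit_store_passwords(SAMPLE_CONFIG):
        print(f"{tag:10} {location:16} {verdict}")
```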