Keith Wall created QPID-7224:
--------------------------------
Summary: Exposed truststores should exclude/include based on virtualhostnode rather than virtualhost
Key: QPID-7224
URL: https://issues.apache.org/jira/browse/QPID-7224
Project: Qpid
Issue Type: Bug
Components: Java Broker
Reporter: Keith Wall
Fix For: qpid-java-6.1

Truststores can be exposed as message sources to clients for the purposes of
public key distribution for end-to-end message encryption.

If a truststore is exposed, by default the truststore is exposed to all
virtualhosts. The user can opt to make this more restrictive by opting to
include or exclude virtualhosts.

The inclusion/exclusion based on virtualhost is problematic in the HA case, as
the virtualhost may be elsewhere in the group. This would prevent the
Truststore from starting (it would go into error).

The Truststore implementations must change to have inclusion/exclusion based on
virtualhostnode.

The configuration upgrader will need to guess that the virtualhostnode name is
the same as the virtualhost. This will work with default configuration in the
non-HA case (where virtualhostnode name = virtualhost name), but will fail in
the HA case.