[Bug 60450] New: Setting keystore type shouldn't override the truststore type

bugzilla Wed, 07 Dec 2016 04:37:18 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=60450


            Bug ID: 60450
           Summary: Setting keystore type shouldn't override the
                    truststore type
           Product: Tomcat 8
           Version: 8.5.x-trunk
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Util
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ----

Say I have a keystore in PKCS12 format and a truststore in the default JKS
format.

By setting the keystore type (PKCS12) and NOT explicitly overriding the default
truststore type (JKS), the truststore type now also gets changed to PKCS12 and
fails to load.

This line is the issue:
https://github.com/apache/tomcat/blob/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java#L585

This behavior is currently very unintuitive and not documented anywhere. I
strongly believe change the keystore type should not secretly alter the
truststore type.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 60450] New: Setting keystore type shouldn't override the truststore type

Reply via email to