[Bug 64141] APR SSL: Required certificate verification uses -Djavax.net.ssl.trustStore instead of caCertificateFile

bugzilla Thu, 13 Feb 2020 14:03:29 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=64141


Remy Maucherat <r...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #2 from Remy Maucherat <r...@apache.org> ---
The configuration looks ok to me in theory as APR will use caCertificateFile.

However, if you look at SSLHostConfig, you can notice that:
private String truststoreFile = System.getProperty("javax.net.ssl.trustStore");
So the system property sets truststoreFile, which is then used to get the trust
managers (and caCertificateFile is then not used at all).

IMO: bad luck, this may be a WONTFIX.

The workaround mentioned by Chris by creating a keystore is correct, since
setting truststoreFile will override the value from the system property.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64141] APR SSL: Required certificate verification uses -Djavax.net.ssl.trustStore instead of caCertificateFile

Reply via email to