https://bz.apache.org/bugzilla/show_bug.cgi?id=64141

--- Comment #4 from Martin Wegner <martin.weg...@ebp.de> ---
(In reply to Remy Maucherat from comment #2)
> The configuration looks ok to me in theory as APR will use caCertificateFile.
> 
> However, if you look at SSLHostConfig, you can notice that:
> private String truststoreFile = System.getProperty("javax.net.ssl.trustStore");
> So the system property sets truststoreFile, which is then used to get the
> trust managers (and caCertificateFile is then not used at all).
> 
> IMO: bad luck, this may be a WONTFIX.
> 
> The workaround mentioned by Chris by creating a keystore is correct, since
> setting truststoreFile will override the value from the system property.

I checked the source code and you are right. When the JSSE-only parameters
truststoreFile and truststorePassword are set, then the caCertificateFile would
be ignored and the provided truststore would be used. If this is intended, then
the documentation should be updated.

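The precedence discussed in this thread, as an added example that is not part of the bug report or Tomcat's own code: a simplified Python model that audits a `server.xml` for `SSLHostConfig` elements whose `caCertificateFile` would be ignored. The sample configuration, JVM options, host names and function names are constructed for illustration, and the case where nothing is configured is not covered by the thread.

```python
import re
import xml.etree.ElementTree as ET

TRUSTSTORE_PROP = re.compile(r"-Djavax\.net\.ssl\.trustStore=(\S+)")

# Constructed sample input (not taken from the bug report).
SAMPLE_SERVER_XML = """
<Connector port="8443" SSLEnabled="true">
  <SSLHostConfig hostName="a.example" caCertificateFile="conf/client-ca.pem"/>
  <SSLHostConfig hostName="b.example" caCertificateFile="conf/client-ca.pem"
                 truststoreFile="conf/client-ca.p12"/>
  <SSLHostConfig hostName="c.example"/>
</Connector>
"""
SAMPLE_JVM_OPTS = "-Xmx512m -Djavax.net.ssl.trustStore=/etc/pki/java/cacerts"


def effective_trust_source(attrs, jvm_opts):
    """Model of the precedence described in the thread (an assumption, not Tomcat code)."""
    if attrs.get("truststoreFile"):  # explicit attribute overrides the system property
        return ("truststoreFile attribute", attrs["truststoreFile"])
    m = TRUSTSTORE_PROP.search(jvm_opts)
    if m:  # the system property becomes the default value of truststoreFile
        return ("javax.net.ssl.trustStore system property", m.group(1))
    if attrs.get("caCertificateFile"):
        return ("caCertificateFile attribute", attrs["caCertificateFile"])
    return ("not covered in the thread", None)


def audit(server_xml, jvm_opts):
    """Return SSLHostConfig entries whose caCertificateFile would be ignored."""
    findings = []
    for host in ET.fromstring(server_xml).iter("SSLHostConfig"):
        ca = host.get("caCertificateFile")
        source, value = effective_trust_source(host.attrib, jvm_opts)
        if ca and value != ca:
            findings.append((host.get("hostName", "_default_"), ca, source, value))
    return findings


if __name__ == "__main__":
    for name, ca, source, value in audit(SAMPLE_SERVER_XML, SAMPLE_JVM_OPTS):
        print(f"{name}: caCertificateFile={ca} ignored; trust comes from {source} ({value})")
```
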