gemmellr commented on code in PR #5407: URL: https://github.com/apache/activemq-artemis/pull/5407#discussion_r1890260472
########## tests/security-resources/build.sh: ########## @@ -174,6 +174,7 @@ echo source.cert=classpath:unknown-server-cert.pem >> unknown-server-keystore.pe openssl pkcs12 -in client-keystore.p12 -out client-key-cert.pem -nodes -password pass:$STORE_PASS keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -exportcert -rfc > server-ca-cert.pem keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -exportcert -rfc > client-ca-cert.pem +cat client-ca-cert.pem server-ca-cert.pem > client-and-server-ca-cert.pem Review Comment: Would put this in its own section, its really a distinct usage from the bits in the section above (which probably should not be grouped together to begin with as they are for different things) ```suggestion ## Combined ca-certs pem to verify loading of multiple certs cat client-ca-cert.pem server-ca-cert.pem > client-and-server-ca-cert.pem ``` ########## tests/security-resources/client-and-server-ca-cert.pem: ########## @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- Review Comment: Since adding this file, which is only copying/using existing certs, is the only reason change needed beyond the build.sh script...I think we should just avoid regneerating the whole set of files this time to minimise the overall change and make more obvious the effect of them, i.e you can just revert the changes to all the other security-resources files except those two. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org For additional commands, e-mail: gitbox-h...@activemq.apache.org For further information, visit: https://activemq.apache.org/contact
