[jira] [Comment Edited] (ARTEMIS-2961) Configuration SSL/TLS - no way to "reset" password with forceSSLParameters

Tue, 27 Oct 2020 06:53:25 -0700 


    [ 
https://issues.apache.org/jira/browse/ARTEMIS-2961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17221447#comment-17221447
 ] 

Ingemar Allqvist edited comment on ARTEMIS-2961 at 10/27/20, 1:52 PM:
----------------------------------------------------------------------

A minimal change, would be to loosen the parser somewhat, (generally) allowing 
"one sided assignments":

forceSSLParameters=true;host=(...)=trustStorePath=/path/to/truststore.jks;*trustStorePassword=;*

setting the value to null.

As far as I can see, there wouldn't be any backwards compatibility issues with 
this.


was (Author: kfm_ingo):
A minimal change, would be to loosen the parser somewhat, (generally) allowing 
"one sided assignments":

forceSSLParameters=true;host=(...)=trustStorePath=/path/to/truststore.jks;*trustStorePassword=;*

thus setting the value to null.

As far as I can see, there wouldn't be any backwards compatibility issues with 
this.

> Configuration SSL/TLS - no way to "reset" password with forceSSLParameters
> --------------------------------------------------------------------------
>
>                 Key: ARTEMIS-2961
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2961
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: API
>    Affects Versions: 2.15.0
>            Reporter: Ingemar Allqvist
>            Priority: Major
>
> I'm a bit stuck here.
> We're using the client, through JCA,  in an application server. The 
> application has a number of TLS connections, including the connection to the 
> artemis broker.
> The issue is, that we use a couple of different trust stores. Some has 
> passwords, some don't. 
> The "default", "javax.net.ssl.trustStorePassword" has a password (serving som 
> SOAP and REST connections), while the trust store used in the broker 
> connection don't.
> I can't figure out how to set the broker connections' password to null. 
> ForceSSLParameters doesn't help, well, i have no "trustStorePassword" to 
> provide, it must be null - otherwise the trust store is "tampered with" when 
> the application server tries to connect.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to