David Tarr created CXF-6944:
-------------------------------
Summary: cacerts is loaded while different truststore is specified
Key: CXF-6944
URL: https://issues.apache.org/jira/browse/CXF-6944
Project: CXF
Issue Type: Improvement
Components: Transports
Affects Versions: 2.7.18
Reporter: David Tarr
Priority: Minor
It seems cxf still loads the cacerts eventhough a different truststore is
specified (programmatically - not via cxf.xml). Could this potentially load to
a security-risk?
When I remove the trusted key from the different truststore, the server is not
trusted and the handshake fails.
{noformat}
2016-06-17 13:45:21,213 INFO [main] spring.BusApplicationContext - Loaded
configuration file cxf.xml.
2016-06-17 13:45:21,213 INFO [main]
spring.ControlledValidationXmlBeanDefinitionReader - Loading XML bean
definitions from class path resource [META-INF/cxf/cxf.xml]
2016-06-17 13:45:21,322 INFO [main]
spring.ControlledValidationXmlBeanDefinitionReader - Loading XML bean
definitions from class path resource [cxf.xml]
2016-06-17 13:45:21,793 INFO [main] factory.ReflectionServiceFactoryBean -
Creating Service
{http://www.quinity.com/qis/soap/coveragedecisionservice}CoverageDecisionServiceService
from class com.quinity.qis.soap.coveragedecisionservice.CoverageDecisionService
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Java\jdk1.7.0_79\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
...
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
