smiklosovic commented on code in PR #3908: URL: https://github.com/apache/cassandra/pull/3908#discussion_r1975004720
########## src/java/org/apache/cassandra/security/FileBasedSslContextFactory.java: ########## @@ -294,5 +301,38 @@ protected boolean passwordMatchesIfPresent(String keyPassword) { return StringUtils.isEmpty(password) || keyPassword.equals(password); } + + private static String resolvePassword(String keystoreFilePath, String password, String passwordFilePath) + { + if (password != null) + return password; + + if (StringUtils.isEmpty(passwordFilePath)) + return password; Review Comment: I have tested that it is indeed true, `a_config:` will be `null` in the code and `a_config:""` will be `""` (empty string) in the code. What we do not seem to support is "empty string in a file". If a `password` config is commented out and `password_file` is not, then it will read it and it will get 0 lines. So in that case, I think that we should return `""` - empty password. Because having empty file (its size is 0) represents a file _with an empty password_. Not _null password_. If there is no password at all, both password and password_file configuration properties will be commented out. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: pr-unsubscr...@cassandra.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: pr-unsubscr...@cassandra.apache.org For additional commands, e-mail: pr-h...@cassandra.apache.org