smiklosovic commented on code in PR #3908:
URL: https://github.com/apache/cassandra/pull/3908#discussion_r1975004720
##########
src/java/org/apache/cassandra/security/FileBasedSslContextFactory.java:
##########
@@ -294,5 +301,38 @@ protected boolean passwordMatchesIfPresent(String
keyPassword)
{
return StringUtils.isEmpty(password) ||
keyPassword.equals(password);
}
+
+ private static String resolvePassword(String keystoreFilePath, String
password, String passwordFilePath)
+ {
+ if (password != null)
+ return password;
+
+ if (StringUtils.isEmpty(passwordFilePath))
+ return password;
Review Comment:
I have tested that it is indeed true, `a_config:` will be `null` in the code
and `a_config:""` will be `""` (empty string) in the code.
What we do not seem to support is "empty string in a file". If a `password`
config is commented out and `password_file` is not, then it will read it and it
will get 0 lines. So in that case, I think that we should return `""` - empty
password. Because having empty file (its size is 0) represents a file _with an
empty password_. Not _null password_.
If there is no password at all, both password and password_file
configuration properties will be commented out.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscr...@cassandra.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscr...@cassandra.apache.org
For additional commands, e-mail: pr-h...@cassandra.apache.org
