Hi Olve, > Should I file a Jira issue
This is a known bug: https://issues.apache.org/jira/browse/WSS-84 > , (and possibly a patch) for this? Please do! How about this behaviour in AbstractCrypto: If the System properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword are set then use this truststore and do not load /lib/security/cacerts. If these properties are not set, then see if the user has defined a truststore in the properties file. We already have: org.apache.ws.security.crypto.merlin.cacerts.password and we need a new tag that corresponds to the location of the truststore. Finally, if there are no truststores defined in the properties file, then load the default trust store. What do you think? Colm. -----Original Message----- From: Olve Hansen [mailto:[EMAIL PROTECTED] Sent: 28 November 2008 19:52 To: [email protected] Subject: Bug in AbstractCrypto; hardcoded loading of default java truststore In the class AbstractCrypto I discovered something that could qualify as a bug when loading the truststore. It seems there is no way to overload the truststore, i..e. it is always hardcoded to the path: String cacertsPath = System.getProperty("java.home") + "/lib/security/cacerts"; So if a system has a specialized way of handlign trust-stores, you will run into problems. I am currently developing a system to be deployed on Websphere, which does exactly this. Other systems honor the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword properties, but I find that wss4j does not... Should I file a Jira issue, (and possibly a patch) for this? I see also that it is possible to change the cacerts truststore password with the property "org.apache.ws.security.crypto.merlin.cacerts.password". What is the point of changing the password used to unlock the store, when it is always hardcoded to the default store (just in case I missed something)? Regards, -- \ Olve S. Hansen \ mailto:[EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Bug-in-AbstractCrypto--hardcoded-loading-of-defaul t-java-truststore-tp20739755p20739755.html Sent from the WSS4J mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
