antlibs / ant-http

A fork of missing link Ant HTTP task at Google Code
https://code.google.com/archive/p/missing-link/
Apache License 2.0

HTTPS <keystore> only supports trust stores and is confusing #29

Open twogee opened 9 years ago

twogee commented 9 years ago

Issue by GoogleCodeExporter Monday May 11, 2015 at 22:05 GMT Originally opened as https://github.com/twogee/missing-link/issues/29


The HTTPS <keystore> element only supports *trust stores*, not *key stores*. 
This is confusing and looks to have been caused by the JSSE storage object used 
by KeyManagerFactory and TrustManagerFactory being erroneously called KeyStore 
and that faulty abstraction leaking into Missing Link.

We have an HTTPS server that requires both a trust store *and* a key store. We 
will submit a patch soon that:

a) Renames the existing <keystore> element as <truststore>, as that is what it 
is
b) Introduces a new <keystore> element with the same properties - file and 
password, in case keystore and truststore are both used and do not share the 
same password
c) Changes HttpClient under the hood to pass keystore and/or trust store into 
the JSSE SSLContext when establishing an HTTPS connection

Original issue reported on code.google.com by stephens...@googlemail.com on 22 Dec 2011 at 4:58
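
Item (c) of the issue above in plain JSSE, as an added example that is not the attached patch or Missing Link's own code. The class and method names (`SplitStoreContext`, `load`, `build`, `emptyStore`) are hypothetical, and the two stores are empty ones constructed for the demo, each with its own password.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.*;

public class SplitStoreContext {
    // JSSE uses the one KeyStore class for both roles; only the factory differs.
    static KeyStore load(Path file, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) { store.load(in, password); }
        return store;
    }

    // A null path passes a null array to SSLContext.init, so JSSE uses its default managers.
    static SSLContext build(Path keyFile, char[] keyPass, Path trustFile, char[] trustPass)
            throws Exception {
        KeyManager[] keyManagers = null;      // client identity: private key + certificate chain
        if (keyFile != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // Assumption: key entries are protected with the store password.
            kmf.init(load(keyFile, keyPass), keyPass);
            keyManagers = kmf.getKeyManagers();
        }
        TrustManager[] trustManagers = null;  // certificates accepted from the server
        if (trustFile != null) {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(load(trustFile, trustPass));
            trustManagers = tmf.getTrustManagers();
        }
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagers, trustManagers, null);
        return context;
    }

    // Constructed sample input: writes an empty store so the demo runs without real key material.
    static Path emptyStore(char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null);
        Path file = Files.createTempFile("demo-store", ".ks");
        try (OutputStream out = Files.newOutputStream(file)) { store.store(out, password); }
        return file;
    }
    public static void main(String[] args) throws Exception {
        char[] keyPass = "key-demo".toCharArray(), trustPass = "trust-demo".toCharArray();
        SSLContext ctx = build(emptyStore(keyPass), keyPass, emptyStore(trustPass), trustPass);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

With real stores, the key store file holds the client's private key and certificate chain and the trust store file holds the CA certificates used to verify the server.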

twogee commented 9 years ago

Comment by GoogleCodeExporter Monday May 11, 2015 at 22:05 GMT


Attached is a patch for the above. 

After this change is released, existing HTTPS users of Missing Link will need 
to change their <keystore/> to a <truststore/>, as that is what they were doing 
in the first place. :)

Original comment by stephens...@googlemail.com on 22 Dec 2011 at 5:10

twogee commented 9 years ago

Comment by GoogleCodeExporter Monday May 11, 2015 at 22:05 GMT


Attached

Original comment by stephens...@googlemail.com on 22 Dec 2011 at 5:10


twogee commented 9 years ago

Comment by GoogleCodeExporter Monday May 11, 2015 at 22:05 GMT


Thanks for this, I must have been drinking at the time that I named the XML 
node <keystore>, as you are absolutely correct.

Applying milestone 1.2.0 since it's an incompatibility change; after testing it 
out locally I will publish a 1.2.0 build.

Original comment by alex.she...@gmail.com on 22 Dec 2011 at 5:27

twogee commented 9 years ago

Comment by GoogleCodeExporter Monday May 11, 2015 at 22:05 GMT


No worries, it was a JSSE-loving colleague that did most of the heavy lifting 
on this one. If ML 1.2.0 could also include my patch for #26 and my *updated* 
patch for #23, that would be great. Cheers Alex. Steve

Original comment by stephens...@googlemail.com on 22 Dec 2011 at 5:50