jboss-openshift / application-templates

OpenShift application templates supporting JBoss Middleware based applications.
Apache License 2.0

[CLOUD-2437] Templates changes related with JGroups ASYM_ENCRYPT support #454

Closed iankko closed 6 years ago

iankko commented 6 years ago

Drop the:

from x509 templates. These are not needed, since JGroups auto-generates its own private/public key pair.

Update README.md

Enable JGroups ASYM_ENCRYPT for RH-SSO x509 templates by default.

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>

iankko commented 6 years ago

@rcernich @maschmid PTAL (once you get a chance)

Thank you, Jan

slaskawi commented 6 years ago

To be honest, I'm not sure if this PR is correct. JGroups ASYM encryption doesn't require any keystore (see this link). The one that requires a keystore is JGroups SYM encryption.

iankko commented 6 years ago

@slaskawi That's correct. If you look at the changes, what they are doing is removing the previous JGroups keystore definition (and corresponding SA definition) that (incorrectly) was there before, since they are not needed.

They were added (for both HTTPS and JGroups scenarios) before, when the templates started to use OpenShift's serving certificate secrets service. But during the JGroups ASYM_ENCRYPT protocol support rewrite/add-on for the images, I realized the ASYM_ENCRYPT protocol doesn't need a keystore, and therefore the JGroups keystore/secret part got removed again.

HTH, Jan

slaskawi commented 6 years ago

Oooh, right! Please forgive me, I have no idea how I confused the green parts (added) with the red ones (removed) in this PR. I'd better not cross any crosswalks today!