author | Jon Bratseth <bratseth@yahoo-inc.com> | 2017-10-03 11:10:14 +0200 |
---|---|---|
committer | Jon Bratseth <bratseth@yahoo-inc.com> | 2017-10-03 11:10:14 +0200 |
commit | e08589caea0a36178286664db6a090a253367c8f (patch) | |
tree | 04f1f787ea7253ee8ccf7f6258402cd931819f58 | |
parent | b79e01e3568b3369ff2e75900a54c85d53da8a38 (diff) |
Allow setting no trust store password
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java | 5 | ||||
-rw-r--r-- | jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def | 8 |
2 files changed, 10 insertions, 3 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index 17db201ad95..d11b8f0516b 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -190,8 +190,9 @@ public class ConnectorFactory {
 if (!sslConfig.trustStorePath().isEmpty()) {
 factory.setTrustStorePath(sslConfig.trustStorePath());
- factory.setTrustStoreType(sslConfig.trustStoreType().toString());
- factory.setTrustStorePassword(keyDbPassword.orElseThrow(passwordRequiredForJKSKeyStore("trust")));
+ factory.setTrustStoreType(sslConfig.trustStoreType().toString());
+ if (sslConfig.useTrustStorePassword())
+ factory.setTrustStorePassword(keyDbPassword.orElseThrow(passwordRequiredForJKSKeyStore("trust")));
 }
 factory.setKeyManagerFactoryAlgorithm(sslConfig.sslKeyManagerFactoryAlgorithm());
diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
index 36d0ec57f4e..8d709cb8ab1 100644
--- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
+++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
@@ -43,7 +43,9 @@ tcpNoDelay bool default=true
 # Whether to enable SSL for this connector.
 ssl.enabled bool default=false
-# The KeyDB key.
+# The name of the key to the password to the key store if in the secret store, if JKS is used.
+# Must be empty with PEM
+# By default this is also used to look up the password to the trust store.
 ssl.keyDbKey string default=""
 # Names of protocols to exclude.
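Review bot: In the ConnectorFactory hunk, when `sslConfig.useTrustStorePassword()` is false the trust store at `trustStorePath` is loaded with no password, and nothing in the new code records what that gives up. For a JKS store, `KeyStore.load` performs no integrity check when no password is supplied, so, assuming Jetty passes the missing password through unchanged, a modified trust store file would be accepted silently and only file permissions protect the set of trusted CAs. I would state this at the branch, e.g. `// No password: JKS integrity is not verified on load; trustStorePath must be writable only by trusted users`, and repeat the caveat in the `ssl.useTrustStorePassword` comment in jdisc.http.connector.def. The unbraced `if` guarding `setTrustStorePassword` should also get braces so a later added line cannot fall outside the condition. The enclosing method begins and ends outside the hunk.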
@@ -72,6 +74,10 @@ ssl.trustStoreType enum { JKS } default=JKS
 # JKS only - the path to the truststore.
 ssl.trustStorePath string default=""
+# Whether we should use keyDbKey as password to the trust store (true, default),
+# or use no password with the trust store (false)
+ssl.useTrustStorePassword bool default=true
+
 # The algorithm name used by the KeyManagerFactory.
 ssl.sslKeyManagerFactoryAlgorithm string default="SunX509" |