Add the CA certificates to configuration and read it from application package

author: Øyvind Grønnesby <oyving@verizonmedia.com> 2019-08-12 16:36:14 +0200
committer: Øyvind Grønnesby <oyving@verizonmedia.com> 2019-08-12 16:39:26 +0200
commit: b3d356dcfa20bee655e4e95531f82268c68c32d1 (patch)
tree: d2bb31565f0ecaf1d47091c832a75efe2f82723f /jdisc_http_service
parent: 8f72e05f6454f75da6130b94e6fc2912ce1cdd4b (diff)
2 files changed, 9 insertions, 0 deletions
diff --git a/jdisc_http_service/abi-spec.json b/jdisc_http_service/abi-spec.json
index f915dc1e8c1..b06250c4593 100644
--- a/jdisc_http_service/abi-spec.json
+++ b/jdisc_http_service/abi-spec.json
@@ -82,6 +82,7 @@
       "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder certificateFile(java.lang.String)",
       "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder certificate(java.lang.String)",
       "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder caCertificateFile(java.lang.String)",
+      "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder caCertificate(java.lang.String)",
       "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder clientAuth(com.yahoo.jdisc.http.ConnectorConfig$Ssl$ClientAuth$Enum)",
       "public com.yahoo.jdisc.http.ConnectorConfig$Ssl build()"
     ],
@@ -137,6 +138,7 @@
       "public java.lang.String certificateFile()",
       "public java.lang.String certificate()",
       "public java.lang.String caCertificateFile()",
+      "public java.lang.String caCertificate()",
       "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$ClientAuth$Enum clientAuth()"
     ],
     "fields": []
diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
index c6c6fad345b..9b6fb5401e2 100644
--- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
+++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
@@ -69,7 +69,14 @@ ssl.certificateFile                 string   default=""
 ssl.certificate                     string   default=""
 
 # with trusted CA certificates in PEM format. Used to verify clients
+#  - this is the name of a file on the local container file system
+#  - only one of caCertificateFile and caCertificate
 ssl.caCertificateFile               string default=""
 
+# with trusted CA certificates in PEM format. Used to verify clients
+#  - this is the actual certificates instead of a pointer to the file
+#  - only one of caCertificateFile and caCertificate
+ssl.caCertificate                   string default=""
+
 # Client authentication mode. See SSLEngine.getNeedClientAuth()/getWantClientAuth() for details.
 ssl.clientAuth                      enum { DISABLED, WANT_AUTH, NEED_AUTH }  default=DISABLED
author	Øyvind Grønnesby <oyving@verizonmedia.com>	2019-08-12 16:36:14 +0200
committer	Øyvind Grønnesby <oyving@verizonmedia.com>	2019-08-12 16:39:26 +0200
commit	b3d356dcfa20bee655e4e95531f82268c68c32d1 (patch)
tree	d2bb31565f0ecaf1d47091c832a75efe2f82723f /jdisc_http_service
parent	8f72e05f6454f75da6130b94e6fc2912ce1cdd4b (diff)