author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-12-05 16:28:17 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-12-05 16:35:35 +0100 |
commit | 6a33af1752ef731a368e4947f2afb123e8151c58 (patch) | |
tree | 6b732394ecbb9a5798f6c59b514837eaf81d6da2 /jrt/src/com/yahoo | |
parent | b3758264b1f374500408ecc8c6a5976012749574 (diff) |
Use AuthorizationMode to configure behaviour of PeerAuthorizerTrustManager
Diffstat (limited to 'jrt/src/com/yahoo')
-rw-r--r-- | jrt/src/com/yahoo/jrt/CryptoEngine.java | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/jrt/src/com/yahoo/jrt/CryptoEngine.java b/jrt/src/com/yahoo/jrt/CryptoEngine.java
index e0f15bf118e..cc59c29bc3b 100644
--- a/jrt/src/com/yahoo/jrt/CryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/CryptoEngine.java
@@ -2,11 +2,11 @@ package com.yahoo.jrt;
+import com.yahoo.security.tls.AuthorizationMode;
 import com.yahoo.security.tls.MixedMode;
 import com.yahoo.security.tls.ReloadingTlsContext;
 import com.yahoo.security.tls.TlsContext;
 import com.yahoo.security.tls.TransportSecurityUtils;
-import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager.Mode;
 import java.nio.channels.SocketChannel;
@@ -23,7 +23,8 @@ public interface CryptoEngine extends AutoCloseable {
 if (!TransportSecurityUtils.isTransportSecurityEnabled()) {
 return new NullCryptoEngine();
 }
- TlsContext tlsContext = new ReloadingTlsContext(TransportSecurityUtils.getConfigFile().get(), Mode.DRY_RUN);
+ AuthorizationMode mode = TransportSecurityUtils.getInsecureAuthorizationMode().orElse(AuthorizationMode.ENFORCE);
+ TlsContext tlsContext = new ReloadingTlsContext(TransportSecurityUtils.getConfigFile().get(), mode);
 TlsCryptoEngine tlsCryptoEngine = new TlsCryptoEngine(tlsContext);
 if (!TransportSecurityUtils.isInsecureMixedModeEnabled()) {
 return tlsCryptoEngine; |
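Review bot: The added line `AuthorizationMode mode = TransportSecurityUtils.getInsecureAuthorizationMode().orElse(AuthorizationMode.ENFORCE);` lets an override weaken peer authorization for the TLS engine built here, and nothing in the second hunk records when that happens. The fail-closed default is the right choice, but a process running with anything other than ENFORCE should say so at startup, for example `if (mode != AuthorizationMode.ENFORCE) log.warning("TLS peer authorization mode is " + mode);` using whatever logger this file has (none is visible here). The effective default also moves from DRY_RUN to ENFORCE, which the commit message does not mention; a comment such as `// Enforce peer authorization unless the insecure override is set explicitly` above the line would make that intent visible to operators upgrading. How an unrecognised override value is handled is decided inside TransportSecurityUtils, outside this diff, and should fail closed as well. The enclosing method starts and ends outside the hunk.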