aboutsummaryrefslogtreecommitdiffstats
path: root/jrt/src/com/yahoo
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@oath.com>2018-12-05 16:28:17 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-12-05 16:35:35 +0100
commit6a33af1752ef731a368e4947f2afb123e8151c58 (patch)
tree6b732394ecbb9a5798f6c59b514837eaf81d6da2 /jrt/src/com/yahoo
parentb3758264b1f374500408ecc8c6a5976012749574 (diff)
Use AuthorizationMode to configure behaviour of PeerAuthorizerTrustManager
Diffstat (limited to 'jrt/src/com/yahoo')
-rw-r--r--jrt/src/com/yahoo/jrt/CryptoEngine.java5
1 files changed, 3 insertions, 2 deletions
diff --git a/jrt/src/com/yahoo/jrt/CryptoEngine.java b/jrt/src/com/yahoo/jrt/CryptoEngine.java
index e0f15bf118e..cc59c29bc3b 100644
--- a/jrt/src/com/yahoo/jrt/CryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/CryptoEngine.java
@@ -2,11 +2,11 @@
package com.yahoo.jrt;
+import com.yahoo.security.tls.AuthorizationMode;
import com.yahoo.security.tls.MixedMode;
import com.yahoo.security.tls.ReloadingTlsContext;
import com.yahoo.security.tls.TlsContext;
import com.yahoo.security.tls.TransportSecurityUtils;
-import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager.Mode;
import java.nio.channels.SocketChannel;
@@ -23,7 +23,8 @@ public interface CryptoEngine extends AutoCloseable {
if (!TransportSecurityUtils.isTransportSecurityEnabled()) {
return new NullCryptoEngine();
}
- TlsContext tlsContext = new ReloadingTlsContext(TransportSecurityUtils.getConfigFile().get(), Mode.DRY_RUN);
+ AuthorizationMode mode = TransportSecurityUtils.getInsecureAuthorizationMode().orElse(AuthorizationMode.ENFORCE);
+ TlsContext tlsContext = new ReloadingTlsContext(TransportSecurityUtils.getConfigFile().get(), mode);
TlsCryptoEngine tlsCryptoEngine = new TlsCryptoEngine(tlsContext);
if (!TransportSecurityUtils.isInsecureMixedModeEnabled()) {
return tlsCryptoEngine;