-
Bug
-
Resolution: Done
-
Major
-
13.0.0.Beta2
-
None
-
-
Workaround Exists
-
When configuring https using the old security-realm the trust-manager factory is selected using the line:
trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
Which is incorrect and should use the TrustManagerFactory. Therefore by default in openjdk we are using the SunX509 factory instead of the default PKIX implementation. The default values for both factories are defined in the java.security file from the jdk:
# # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. # ssl.KeyManagerFactory.algorithm=SunX509 ssl.TrustManagerFactory.algorithm=PKIX
Using a exotic configuration can lead to an error if the KeyManagerFactory is configured to an algorithm that is not valid for the TrustManagerFactory (NewSunX509 for example).
- is cloned by
-
JBEAP-19984 [GSS] (7.3.z) Incorrect use of KeyManagerFactory.getDefaultAlgorithm instead of TrustManagerFactory
- Closed