| Summary: | SslContextFactory#setKeyStore(java.security.KeyStore) is ignored, leading to misleading "no matching ciphers" exceptions | ||
|---|---|---|---|
| Product: | [RT] Jetty | Reporter: | Marshall Pierce <marshall> |
| Component: | server | Assignee: | Greg Wilkins <gregw> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | P3 | CC: | jetty-inbox |
| Version: | 7.5.3 | ||
| Target Milestone: | 7.5.x | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Whiteboard: | |||
Allow the KeyStore to be set. Also allow TrustAll to be set, so if it is false and no keystore and truststore is set, then null is passed and the defaults are used.
SslContextFactory#setKeyStore(java.security.KeyStore) sets the _keyStore field. That field (among other _keyStore* fields) is used in loadKeyStore(), which is only used in the "you've configured a keystore" branch of doStart() (L247). However, the "you haven't configured a keystore" branch of doStart() is used mistakenly, since L210-211 do not check if _keyStore was set, only if the other _keyStore* fields were:

    if (_keyStoreInputStream == null && _keyStorePath == null && _trustStoreInputStream == null && _trustStorePath == null )
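The branch selection described in this report, reduced to a stand-alone model (an added example, not Jetty source and not the committed fix). The class name, the `_trustStore` and `_trustAll` fields, and the corrected check are assumptions based on the fix note above; only the first check is the condition quoted in the report.

```java
import java.io.InputStream;
import java.security.KeyStore;

// Simplified stand-in for the factory's configuration state; hypothetical class.
public class KeyStoreBranchModel {
    // Field names as quoted in the report.
    KeyStore _keyStore;
    InputStream _keyStoreInputStream;
    String _keyStorePath;
    InputStream _trustStoreInputStream;
    String _trustStorePath;
    // Assumed names, not taken from the report.
    KeyStore _trustStore;
    boolean _trustAll = true;

    // Condition quoted in the report: the KeyStore object is never consulted.
    boolean reportedNothingConfigured() {
        return _keyStoreInputStream == null && _keyStorePath == null
            && _trustStoreInputStream == null && _trustStorePath == null;
    }

    // Assumed correction: a store handed over as an object counts as configuration.
    boolean correctedNothingConfigured() {
        return reportedNothingConfigured() && _keyStore == null && _trustStore == null;
    }

    // Start-up path under the corrected check, following the fix note.
    String correctedPath() {
        if (!correctedNothingConfigured()) return "load configured stores";
        return _trustAll ? "unconfigured branch, trust-all"
                         : "null passed, JVM defaults used";
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory store stands in for a real one.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);

        KeyStoreBranchModel viaObject = new KeyStoreBranchModel();
        viaObject._keyStore = ks; // what setKeyStore(KeyStore) does
        System.out.println("reported check ignores the store: "
            + viaObject.reportedNothingConfigured());
        System.out.println("corrected path: " + viaObject.correctedPath());

        KeyStoreBranchModel bare = new KeyStoreBranchModel();
        bare._trustAll = false;
        System.out.println("nothing set, trustAll=false: " + bare.correctedPath());
    }
}
```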