You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/12/07 12:56:02 UTC

[Bug 60450] Setting keystore type shouldn't override the truststore type

https://bz.apache.org/bugzilla/show_bug.cgi?id=60450

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
From the 8.5.x documentation:

<quote>
truststoreType  
JSSE only.

The type of key store used for the trust store. The default is the value of the
javax.net.ssl.trustStoreType system property. If that property is null, the
value of keystoreType is used as the default.
</quote>

Those docs could do with an update to make clear it is the key store type of
the default certificate that is used.

PKCS12 is somewhat of a special case since the trust store is unlikely to be in
the same format as the key store.

I'm currently leaning towards WONTFIX for the original request in this report
since the behaviour is documented and makes sense for key store types other
than PKCS12.

A possible enhancement could be for the trust store type to default to JKS if
the keys store type is PKCS12. However, that would add complexity.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org