You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by GitBox <gi...@apache.org> on 2022/07/12 13:44:02 UTC

[GitHub] [logging-log4j2] kristofarkas opened a new pull request, #959: [LOG4J2-3548] Don't replace null password with default if provided

kristofarkas opened a new pull request, #959:
URL: https://github.com/apache/logging-log4j2/pull/959

   Password-less key stores require passing null as password. A recent change prevented that, replacing null password with a default value. This PR reverts that change, allowing null password to be used again.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [logging-log4j2] ppkarwasz commented on pull request #959: [LOG4J2-3548] Don't replace null password with default if provided

Posted by GitBox <gi...@apache.org>.

ppkarwasz commented on PR #959:
URL: https://github.com/apache/logging-log4j2/pull/959#issuecomment-1200281703

   Hi @kristofarkas,
   
   I would appreciate if you could add some tests to prevent a regression in the future. I imagine we would like to check these three cases:
   
    * a PKCS12 keystore with a non-empty password,
    * a PKCS12 keystore with an empty password,
    * a keystore, which requires both password and location to be `null` (e.g. `Windows-MY` and `Windows-ROOT`).
   
   While your PR fixes the usage of `Windows-MY/ROOT` inside a Log4j2 configuration file, there is another case that you could consider fixing: the `SslConfigurationFactory` contains an `SslConfiguration` used to download a Log4j2 configuration file itself over HTTPS. Unless I am mistaken, this configuration will not work with `Windows-MY`, since it requires the property "log4j2.keyStoreLocation" to be non-null.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [logging-log4j2] ppkarwasz merged pull request #959: [LOG4J2-3548] Don't replace null password with default if provided

Posted by GitBox <gi...@apache.org>.

ppkarwasz merged PR #959:
URL: https://github.com/apache/logging-log4j2/pull/959


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [logging-log4j2] ppkarwasz commented on pull request #959: [LOG4J2-3548] Don't replace null password with default if provided

Posted by GitBox <gi...@apache.org>.

ppkarwasz commented on PR #959:
URL: https://github.com/apache/logging-log4j2/pull/959#issuecomment-1240817291

   @kristofarkas, thank you for your contribution.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org