You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/07/30 19:51:00 UTC

[jira] [Work logged] (KNOX-2434) Knox should fallback to JDK default keystore/truststore type instead of hardcoding JKS

     [ https://issues.apache.org/jira/browse/KNOX-2434?focusedWorklogId=464711&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-464711 ]

ASF GitHub Bot logged work on KNOX-2434:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 30/Jul/20 19:50
            Start Date: 30/Jul/20 19:50
    Worklog Time Spent: 10m 
      Work Description: risdenk opened a new pull request #366:
URL: https://github.com/apache/knox/pull/366


   ## What changes were proposed in this pull request?
   
   Replace hardcoded `JKS` with `KeyStore.getDefaultType()`
   
   ## How was this patch tested?
   
   * `mvn -U -T.75C clean verify -Ppackage,release -Dshellcheck`
   * Check that this fixes FIPS crypto when default keystore configured at JDK level


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 464711)
    Remaining Estimate: 0h
            Time Spent: 10m

> Knox should fallback to JDK default keystore/truststore type instead of hardcoding JKS
> --------------------------------------------------------------------------------------
>
>                 Key: KNOX-2434
>                 URL: https://issues.apache.org/jira/browse/KNOX-2434
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 1.4.0
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Major
>             Fix For: 1.5.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently Knox has a few configuration options for overriding the keystore/truststore type and if these are not specified it falls back to hardcoded "JKS". This should fallback instead of the JDK default configured keystore/truststore type. This will cause issues when an administrator wants to control the keystore type globally at the JDK level. This happens when doing FIPS crypto modules.
> It would be better to use KeyStore.getDefaultType() instead of hardcoding JKS.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)