Posted to dev@qpid.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2016/06/30 13:58:10 UTC

[jira] [Commented] (QPID-7224) Exposed truststores should exclude/include based on virtualhostnode rather than virtualhost

    [ https://issues.apache.org/jira/browse/QPID-7224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15357112#comment-15357112 ] 

ASF subversion and git services commented on QPID-7224:
-------------------------------------------------------

Commit 1750798 from [~lorenz.quack] in branch 'java/trunk'
[ https://svn.apache.org/r1750798 ]

QPID-7224: [Java Broker] Exposed TrustStores should include/exclude based on VirtualHostNodes rather than VirtualHosts

> Exposed truststores should exclude/include based on virtualhostnode rather than virtualhost
> -------------------------------------------------------------------------------------------
>
>                 Key: QPID-7224
>                 URL: https://issues.apache.org/jira/browse/QPID-7224
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>            Reporter: Keith Wall
>             Fix For: qpid-java-6.1
>
>
> Truststores can be exposed as message sources to clients for the purposes of public key distribution for end-to-end message encryption.
> If a truststore is exposed, by default the truststore is exposed to all virtualhosts.  The user can opt to make this more restrictive by opting to include or exclude virtualhosts.
> The inclusion/exclusion based on virtualhost is problematic in the HA case, as the virtualhost may be elsewhere in the group.  This would prevent the Truststore from starting (it would go into error).
> The Truststore implementations must change to have inclusion/exclusion based on virtualhostnode.
> The configuration upgrader will need to guess that the virtualhostnode name is the same as the virtualhost.  This will work with default configuration in the non-HA case (where virtualhostnode name = virtualhost name), but will fail in the HA case.
>  


