Support favoring other Cryptographic Providers #240

Merged (1 commit), Sep 26, 2019

cipherboy
Member

We were previously given the option to either install the JSS provider or
not, and optionally to remove the Sun Provider. Users can re-order the
providers later if they want, but the most common other option will be
to only use JSS for specified operations. To achieve this, we put JSS as
the very last provider. Hence, add:

installJSSProviderFirst = true

as a new value in InitializationValues.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

@cipherboy cipherboy added the enhancement (New feature or request) and javax (Work to support javax.net.ssl interfaces) labels Aug 21, 2019
@cipherboy cipherboy added this to the 4.6.2 milestone Aug 21, 2019
@cipherboy cipherboy requested a review from edewata August 21, 2019 23:14
@cipherboy cipherboy self-assigned this Aug 21, 2019
@edewata
Contributor

edewata commented Aug 22, 2019

As discussed on IRC, the patch works, but maybe the ideal solution is to modify everything that requires JSS to explicitly use JSS provider so that the order of system providers does not matter.

@cipherboy
Member Author

cipherboy commented Aug 22, 2019

Well, I think this is a good PR to have from an upstream provider; I agree that we can explicitly call into JSS in TomcatJSS / PKI if we want to.

But the real PR that we want to have in JSS is to use the system trust store. That is what will really fix your issue, I think.

Edit: So I'm in favor of merging this.

@cipherboy
Member Author

Pending a system trust store sensitive TrustManager, I'm going to go ahead and merge this as well.

@cipherboy cipherboy merged commit 2c63127 into dogtagpki:master Sep 26, 2019
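
The provider-ordering behaviour this thread discusses, and the explicit-provider approach suggested in review, shown as an added example that is not code from JSS or this PR. It uses only the standard `java.security` API; `Demo-JSS`, `DemoProvider` and `DemoDigest` are hypothetical stand-ins for the real JSS provider so the demo runs without NSS.

```java
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.Provider;
import java.security.Security;

public class ProviderOrderDemo {
    // Hypothetical stand-in for the JSS provider (constructed for this demo).
    public static final class DemoProvider extends Provider {
        public DemoProvider() {
            super("Demo-JSS", 1.0, "constructed stand-in, not the real JSS provider");
            put("MessageDigest.SHA-256", DemoDigest.class.getName());
        }
    }

    // Delegates to the JDK's SUN provider; only the provider identity matters here.
    public static final class DemoDigest extends MessageDigestSpi {
        private final MessageDigest inner;
        public DemoDigest() throws Exception {
            inner = MessageDigest.getInstance("SHA-256", "SUN");
        }
        @Override protected void engineUpdate(byte b) { inner.update(b); }
        @Override protected void engineUpdate(byte[] in, int off, int len) { inner.update(in, off, len); }
        @Override protected byte[] engineDigest() { return inner.digest(); }
        @Override protected void engineReset() { inner.reset(); }
    }

    // Name of the provider that serves an unqualified SHA-256 lookup.
    static String defaultProvider() throws Exception {
        return MessageDigest.getInstance("SHA-256").getProvider().getName();
    }

    public static void main(String[] args) throws Exception {
        Provider demo = new DemoProvider();

        // Installed first: serves every unqualified lookup it supports.
        Security.insertProviderAt(demo, 1);
        System.out.println("installed first -> " + defaultProvider());

        // Installed last: other providers are favored for unqualified lookups.
        Security.removeProvider(demo.getName());
        Security.addProvider(demo);
        System.out.println("installed last  -> " + defaultProvider());

        // Explicit provider name: the result no longer depends on the order.
        MessageDigest md = MessageDigest.getInstance("SHA-256", demo.getName());
        System.out.println("explicit lookup -> " + md.getProvider().getName());
    }
}
```

When auditing which implementation actually performs an operation, log `getProvider().getName()` on the returned object rather than inferring it from the configured order.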