Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL reports deprecated setting, but ssl.ini still uses it #9386

Closed
ChrisHuebsch-FLIG opened this issue Feb 16, 2023 · 3 comments · Fixed by #10172
Closed

SSL reports deprecated setting, but ssl.ini still uses it #9386

ChrisHuebsch-FLIG opened this issue Feb 16, 2023 · 3 comments · Fixed by #10172
Labels
Bug For general bugs on Jetty side

Comments

@ChrisHuebsch-FLIG
Copy link

ChrisHuebsch-FLIG commented Feb 16, 2023
edited
Loading

Jetty version(s)
jetty-10.0.13; built: 2022-12-07T20:13:20.134Z

Java version/vendor (use: java -version)
penjdk version "11.0.18" 2023-01-17
OpenJDK Runtime Environment Temurin-11.0.18+10 (build 11.0.18+10)
OpenJDK 64-Bit Server VM Temurin-11.0.18+10 (build 11.0.18+10, mixed mode)

OS type/version
Windows Server 2019

Description
Jetty complains about deprecated setting:
oejx.XmlConfiguration:main: Property 'jetty.sslContext.keyStoreAbsolutePath' is deprecated, use 'jetty.sslContext.keyStorePath' instead

But in the provided sample ssl.ini it is still in use:

## The KeyStore file path (relative to $JETTY_BASE).
# jetty.sslContext.keyStorePath=etc/keystore.p12
## The KeyStore absolute file path.
# jetty.sslContext.keyStoreAbsolutePath=${jetty.base}/etc/keystore.p12

How to reproduce?
Setup a jetty with ssl and start it.

Question for the discussion
Is it possible to use keyStorePath with an absolute filename?
Documentation does not indicate so.
@ChrisHuebsch-FLIG ChrisHuebsch-FLIG added the Bug For general bugs on Jetty side label Feb 16, 2023
@joakime
Copy link
Contributor

joakime commented Feb 20, 2023

Is it possible to use keyStorePath with an absolute filename?

No, it's not possible to use the jetty.sslContext.keyStorePath with an absolute filename.

Use jetty.sslContext.keyStoreAbsolutePath instead.

@ChrisHuebsch-FLIG
Copy link
Author

Then please don't remove that setting and/or remove the deprecation warning.
I have several jettys (jetties?) running in parallel and they share one common cert store.
I would not prefer to have to manage the certificates individually on every instance.

@sbordet
Copy link
Contributor

sbordet commented Jul 29, 2023

@ChrisHuebsch-FLIG it is definitely possible to use absolute file names for jetty.sslContext.keyStorePath, since Jetty 10.0.2 and #6021 and #6022.

I'll update the mod files and the documentation.

sbordet added a commit that referenced this issue Jul 29, 2023
@sbordet
Fixes #9386 - SSL reports deprecated setting, but ssl.ini still uses it.
04b2d75 
Removed references to deprecated properties `jetty.sslContext.[key|trust]StoreAbsolutePath`.
Updated documentation to explicitly report that the path can be absolute.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
@sbordet sbordet linked a pull request Jul 29, 2023 that will close this issue
Fixes #9386 - SSL reports deprecated setting, but ssl.ini still uses it. #10172
Merged
sbordet added a commit that referenced this issue Jul 31, 2023
@sbordet
Fixes #9386 - SSL reports deprecated setting, but ssl.ini still uses it.
56e0069 
Removed references to deprecated properties `jetty.sslContext.[key|trust]StoreAbsolutePath`.
Updated documentation to explicitly report that the path can be absolute.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug For general bugs on Jetty side
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes #9386 - SSL reports deprecated setting, but ssl.ini still uses it. jetty/jetty.project
3 participants
@joakime @sbordet @ChrisHuebsch-FLIG