Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #5689 - Jetty ssl keystorePath doesn't work with absolute path. #5867

Merged
merged 1 commit into from
Jan 12, 2021
Merged

Fixes #5689 - Jetty ssl keystorePath doesn't work with absolute path. #5867

merged 1 commit into from
Jan 12, 2021

Conversation

sbordet
Copy link
Contributor

@sbordet sbordet commented Jan 8, 2021

Introduced new properties jetty.sslContext.keyStoreAbsolutePath
and jetty.sslContext.trustStoreAbsolutePath to default to
${jetty.base}/etc/keystore.

Signed-off-by: Simone Bordet simone.bordet@gmail.com

@sbordet
Fixes #5689 - Jetty ssl keystorePath doesn't work with absolute path.
d7e5587 
Introduced new properties jetty.sslContext.keyStoreAbsolutePath
and jetty.sslContext.trustStoreAbsolutePath to default to
${jetty.base}/etc/keystore.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
@sbordet sbordet requested a review from gregw January 8, 2021 20:54
@sbordet sbordet linked an issue Jan 8, 2021 that may be closed by this pull request
Jetty ssl keystorePath doesn't work with absolute path #5689
Closed
gregw
gregw requested changes Jan 11, 2021
View reviewed changes
Copy link
Contributor

@gregw gregw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd prefer no having a new parameter. I've suggested an alternative that might be workable.... but if not, then I'll approve this PR as is.

jetty-server/src/main/config/etc/jetty-ssl-context.xml
Comment on lines +25 to +31
<Set name="TrustStorePath">
<Property name="jetty.sslContext.trustStoreAbsolutePath">
<Default>
<Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" deprecated="jetty.truststore" default="etc/keystore"/>
</Default>
</Property>
</Set>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rather than introduce a new property to resolve the absolute vs relative issue, might it not be better to introduce a static helper method:

Suggested change
<Set name="TrustStorePath">
<Property name="jetty.sslContext.trustStoreAbsolutePath">
<Default>
<Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" deprecated="jetty.truststore" default="etc/keystore"/>
</Default>
</Property>
</Set>
<Set name="TrustStorePath">
<Call class="org.eclipse.jetty.xml.XmlConfiguration" name="addPaths">
<Arg><Property name="jetty.base" default="." /></Arg>
<Arg><Property name="jetty.sslContext.trustStorePath" deprecated="jetty.truststore" default="etc/keystore"/></Arg>
</Call>
</Set>

Perhaps even URIUtil.addPaths can be used? Hmmm but then I guess we get caught up in portability issues and working out if C:some\path is relative or not.

gregw
gregw approved these changes Jan 11, 2021
View reviewed changes
Copy link
Contributor

@gregw gregw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because existing users might have / and we remove // this approach is best for backwards compatibility

@sbordet sbordet merged commit 1789167 into jetty-9.4.x Jan 12, 2021
@sbordet sbordet deleted the jetty-9.4.x-5689-keyStore_absolute_path branch January 12, 2021 09:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gregw gregw gregw approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Jetty ssl keystorePath doesn't work with absolute path
2 participants
@sbordet @gregw