lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SOLR-11678) SSL not working if store and key passwords are different
Date Sun, 14 Apr 2019 23:25:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-11678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16817475#comment-16817475
] 

Jan Høydahl commented on SOLR-11678:
------------------------------------

[~Constantin Bugneac] How do you create your jks files? Can you provide step by step reproduction
with docker example, including the jks generation?

> SSL not working if store and key passwords are different
> --------------------------------------------------------
>
>                 Key: SOLR-11678
>                 URL: https://issues.apache.org/jira/browse/SOLR-11678
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>    Affects Versions: 6.6.2
>            Reporter: Constantin Bugneac
>            Priority: Major
>
> If I specify different passwords for store and key then Solr fails to read certificate
from JKS file with the below error.
> Example:
> SOLR_SSL_KEY_STORE_PASSWORD: "secret1"
> SOLR_SSL_TRUST_STORE_PASSWORD: "secret2"
> If I set the same password for both - it works just fine.
> Tested with the docker image 6.6.2 available here https://hub.docker.com/_/solr/
> I don't know whether this is JAVA nuance or Solr implementation issue but from security
point of view there there is no point to have the same password assigned for both the key
store and private key bound to specific certificate.
> Expected behaviour: It should allow to specify different passwords.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message