qpid-dev mailing list archives

From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Created] (QPID-7224) Exposed truststores should exclude/include based on virtualhostnode rather than virtualhost
Date Thu, 21 Apr 2016 16:14:25 GMT
Keith Wall created QPID-7224:
--------------------------------

             Summary: Exposed truststores should exclude/include based on virtualhostnode rather than virtualhost
                 Key: QPID-7224
                 URL: https://issues.apache.org/jira/browse/QPID-7224
             Project: Qpid
          Issue Type: Bug
          Components: Java Broker
            Reporter: Keith Wall
             Fix For: qpid-java-6.1


Truststores can be exposed as message sources to clients for the purposes of public key
distribution for end-to-end message encryption.

If a truststore is exposed, by default the truststore is exposed to all virtualhosts.  The
user can opt to make this more restrictive by opting to include or exclude virtualhosts.

The inclusion/exclusion based on virtualhost is problematic in the HA case, as the virtualhost
may be elsewhere in the group.  This would prevent the Truststore from starting (it would
go into error).

The Truststore implementations must change to have inclusion/exclusion based on virtualhostnode.

The configuration upgrader will need to guess that the virtualhostnode name is the same as
the virtualhost.  This will work with default configuration in the non-HA case (where virtualhostnode
name = virtualhost name), but will fail in the HA case.



 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
