qpid-dev mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-7869) [Java Broker] Truststore improvements
Date Tue, 01 Aug 2017 08:28:00 GMT

    [ https://issues.apache.org/jira/browse/QPID-7869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16108560#comment-16108560 ]

ASF subversion and git services commented on QPID-7869:

Commit f56e9cb429e54aacbf3c0d3592f0c963e3579dec in qpid-broker-j's branch refs/heads/master
from [~k-wall]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=f56e9cb ]

QPID-7869: [Java Broker] [Truststore] The on-delete integrity check should consider OAuth
Authentication Providers too

> [Java Broker] Truststore improvements
> -------------------------------------
>                 Key: QPID-7869
>                 URL: https://issues.apache.org/jira/browse/QPID-7869
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker
>            Reporter: Keith Wall
>            Assignee: Keith Wall
>             Fix For: qpid-java-broker-7.0.0
>         Attachments: 0001-QPID-7869-Work-in-progress.patch
> The current TrustStore API requires some tidy up/improvements to allow an operator to better manage certificate expiry.
> # Currently the details of certificates contained within the store are not exposed in a uniform manner. {{#getCertificateDetails}} should be pulled up and implemented by all truststore types.  I suggest we standardise on the form currently used by {{ManagedPeerCertificateTrustStore#getCertificateDetails}} (i.e. the List<CertificateDetails>).  For the {{SiteSpecificTrustStore}} it should return a singleton list.
> # KeyStores currently warn the user that certificates are about to expire via operational log messages.  TrustStores should implement the same feature.
> # For SSL client authentication, we should have a 'strict mode' where the {{validFrom}}/{{validTo}} date of the peer certificate is validated before the connection is accepted.  This will help users utilising self-signed certificates for client authentication purposes effectively manage certificate expiration.
