[wildfly-dev] Support for PKCS12 keystores in Security Realms
Jason T. Greene
jgreene at redhat.com
Wed Mar 19 21:32:25 EDT 2014
Since this change looks minor, and it comes from a community member I am inclined to allow into 8.0.1.
How bad is the conflict for the other change you are referring to Darran?
> On Mar 19, 2014, at 5:43 PM, Marek Żupnik <marek.zupnik at gmail.com> wrote:
>
> Hi,
>
> Darran, I understand your point of view, but stable version of 9 will be not released tomorrow. Lack of pkcs12 support in 8 is a major issue, not to mention that in AS 7 I was able to use this format for https private key. I think it will be useful to fix it yet in 8, even thought the code with a fix will be thrown away in 9.
>
> I made a pull request with a fix (https://github.com/wildfly/wildfly/pull/6062). It is up to you what you do with it.
>
> Thank you for your answers and clarifications.
>
> Kind Regards,
> Marek Zupnik
>
>
> 2014-03-18 18:10 GMT+01:00 Darran Lofthouse <darran.lofthouse at jboss.com>:
>> I will have another look if I get a chance to get something into 8 but
>> in reality a related change in this area (that completely conflicts with
>> your changes) was pushed to 9 as the consensus was we did not want the
>> configuration model in this area changing before WildFLy 9.
>>
>> On 18/03/14 16:30, Marek Żupnik wrote:
>> > Hi,
>> >
>> > Thank You Brian for your comments. I'll try to apply them to my code. I
>> > ask if I will have further questions about it.
>> >
>> > @Darran, I have a question for you. I wasn't looking into development
>> > branch so I haven't known about the changes. Is it possible that pkcs12
>> > support will be merged in Wildfly 8? If not, could my change be merged
>> > earlier? Otherwise, I'm forced to maintain my version of Wildfly untill
>> > no 9 will be released.
>> >
>> > Kind Regards,
>> > Marek Zupnik
>> >
>> >
>> > 2014-03-18 16:20 GMT+01:00 Brian Stansberry <brian.stansberry at redhat.com
>> > <mailto:brian.stansberry at redhat.com>>:
>> >
>> > Hi Marek,
>> >
>> > Welcome!
>> >
>> > I'm going to make a few comments on github re: some minor details of
>> > your commit. But please keep an eye on this list for your more general
>> > question about whether this is how we want to go about this. I believe
>> > Darran Lofthouse was planning some work in this area so he may have some
>> > input.
>> >
>> > Cheers,
>> >
>> > --
>> > Brian Stansberry
>> > Senior Principal Software Engineer
>> > JBoss by Red Hat
>> >
>> > On 3/18/14, 8:59 AM, Marek Żupnik wrote:
>> > > Hi,
>> > >
>> > > I'm Marek Zupnik. It's my first message for this list but for
>> > some time
>> > > I've been keeping my eyes on what's happening in wildfly development.
>> > >
>> > > I'm writing regarding to the issue about lack of support for PKCS12
>> > > keystores in security realms
>> > > (https://issues.jboss.org/browse/WFLY-2229). I wanted to migrate my
>> > > system to Wildfly but in my case it is a blocking issue. I have
>> > to use
>> > > keystore in PKCS12 format in which I'm storing, among others, https
>> > > private key.
>> > >
>> > > I forked Wildfly on github and made a simple fix for this issue which
>> > > consists in additional parameter "keystore-type" for keystore
>> > > configuration. Based on this parameter I'm able to create appropriate
>> > > keystore type.
>> > >
>> > > Config sample:
>> > > <keystore path="keystore.p12" relative-to="jboss.server.config.dir"
>> > > keystore-password="xxx" keystore-type="PKCS12" alias="https"/>
>> > >
>> > > The changes are in my fork on github (keystore_type branch):
>> > > https://github.com/mzupnik/wildfly/tree/keystore_type
>> > >
>> > > Before I will try to do push request, could you answer me if it is
>> > > acceptable solution according to your architecture concept? If not,
>> > > could you give me some tips how to resolve it in other way? I
>> > care about
>> > > this fix before 9. release.
>> > >
>> > > Kind Regards,
>> > > Marek Zupnik
>> > >
>> > >
>> > > _______________________________________________
>> > > wildfly-dev mailing list
>> > > wildfly-dev at lists.jboss.org <mailto:wildfly-dev at lists.jboss.org>
>> > > https://lists.jboss.org/mailman/listinfo/wildfly-dev
>> > >
>> >
>> >
>> > _______________________________________________
>> > wildfly-dev mailing list
>> > wildfly-dev at lists.jboss.org <mailto:wildfly-dev at lists.jboss.org>
>> > https://lists.jboss.org/mailman/listinfo/wildfly-dev
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > wildfly-dev mailing list
>> > wildfly-dev at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/wildfly-dev
>> >
>> _______________________________________________
>> wildfly-dev mailing list
>> wildfly-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20140319/389fb842/attachment.html
More information about the wildfly-dev
mailing list