[jboss-jira] [JBoss JIRA] (WFCORE-2671) CLI Opertation 'load' for Elytron key-store does not correctly re-read keystore

Ondrej Lukas (JIRA) issues at jboss.org
Thu Apr 13 01:43:00 EDT 2017 

     [ https://issues.jboss.org/browse/WFCORE-2671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ondrej Lukas updated WFCORE-2671:
---------------------------------
    Description: When keystore (or cerficate in keystore) is changed during server runtime then CLI opertation {{load}} can be used for {{/subsystem=elytron/key-store=...}} to re-reading this keystore in server. However after calling this operation server still works with original keystore/certificate. Then CLI reads current keystore correctly, but in case when ssl-context which uses that key-store is used then original keystore is still used by server. Reload of server is required to correctly re-read the new keystore. See Steps to Reproduce for more details.  (was: When keystore (or cerficate in keystore) is changed during server runtime then CLI opertation {{load}} can be used for {{/subsystem=elytron/key-store=...}} to re-reading this keystore in server. However after calling this operation server still works with original keystore/certificate. Then CLI reads current keystore correctly, but in case when ssl-context which uses that key-store is used then original keystore is still used by server. Reload of server is required to correctly re-read the new keystore. See Steps to Reproduce for more details.

We request blocker flag since this issue blocks RFE EAP7-455.)


> CLI Opertation 'load' for Elytron key-store does not correctly re-read keystore
> -------------------------------------------------------------------------------
>
>                 Key: WFCORE-2671
>                 URL: https://issues.jboss.org/browse/WFCORE-2671
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>
> When keystore (or cerficate in keystore) is changed during server runtime then CLI opertation {{load}} can be used for {{/subsystem=elytron/key-store=...}} to re-reading this keystore in server. However after calling this operation server still works with original keystore/certificate. Then CLI reads current keystore correctly, but in case when ssl-context which uses that key-store is used then original keystore is still used by server. Reload of server is required to correctly re-read the new keystore. See Steps to Reproduce for more details.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list