Index: java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
===================================================================
--- java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (revision 982575)
+++ java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (working copy)
@@ -28,6 +28,7 @@
 import java.net.SocketException;
 import java.security.KeyStore;
 import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
 import java.security.cert.CRL;
 import java.security.cert.CRLException;
 import java.security.cert.CertPathParameters;
@@ -316,9 +317,17 @@
             log.debug("trustProvider = " + truststoreProvider);
         }
 
-        if (truststoreFile != null && truststorePassword != null){
-            trustStore = getStore(truststoreType, truststoreProvider,
-                truststoreFile, truststorePassword);
+        if (truststoreFile != null){
+            try {
+                trustStore = getStore(truststoreType, truststoreProvider,
+                    truststoreFile, truststorePassword);
+            } catch (IOException ioe) {
+                // Log a warning we had a password issue
+                log.warn(sm.getString("jsse.invalid_truststore_password"), ioe);
+                // Re-try
+                trustStore = getStore(truststoreType, truststoreProvider,
+                    truststoreFile, null);
+            }
         }
 
         return trustStore;
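Review bot: The fallback in the new catch block retries with a null password on any IOException, which — as the new jsse.invalid_truststore_password message itself says — skips the trust store's integrity check, so a trust store whose contents were tampered with is now loaded and used for client-certificate validation instead of failing startup, and a wrong password and a tampered file are indistinguishable at this point. At minimum, limit the retry to the wrong-password case the JDK reports, `if (!(ioe.getCause() instanceof UnrecoverableKeyException)) { throw ioe; }` before the warn, which also gives the UnrecoverableKeyException import added in the first hunk a use (it is not referenced in any hunk shown here; it may be in one that is not). Better, only fall back when truststorePassword was inherited as the keystorePass default rather than configured explicitly, and fail hard when an explicitly configured password does not verify — whether this class can tell the two cases apart is not visible here. Log at error rather than warn either way, since the outcome is a trust store with no tamper detection. The enclosing method starts before this hunk.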
@@ -347,15 +356,19 @@
                 istream = new FileInputStream(keyStoreFile);
             }
 
-            ks.load(istream, pass.toCharArray());
+            char[] storePass = null;
+            if (pass != null && !"".equals(pass)) {
+                storePass = pass.toCharArray();
+            }
+            ks.load(istream, storePass);
         } catch (FileNotFoundException fnfe) {
             log.error(sm.getString("jsse.keystore_load_failed", type, path,
                 fnfe.getMessage()), fnfe);
             throw fnfe;
         } catch (IOException ioe) {
-            log.error(sm.getString("jsse.keystore_load_failed", type, path,
-                ioe.getMessage()), ioe);
-            throw ioe;
+            // May be expected when working with a trust store
+            // Re-throw. Caller will catch and log as required
+            throw ioe;
         } catch(Exception ex) {
             String msg = sm.getString("jsse.keystore_load_failed", type, path,
                 ex.getMessage());
Index: java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
===================================================================
--- java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (revision 982575)
+++ java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (working copy)
@@ -15,3 +15,4 @@
 jsse.alias_no_key_entry=Alias name {0} does not identify a key entry
 jsse.keystore_load_failed=Failed to load keystore type {0} with path {1} due to {2}
+jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation.
Index: webapps/docs/config/http.xml
===================================================================
--- webapps/docs/config/http.xml (revision 982575)
+++ webapps/docs/config/http.xml (working copy)
@@ -738,8 +738,12 @@
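Review bot: The new `pass != null && !"".equals(pass)` check hands a null password to ks.load for an empty-string password as well, and since this method appears to load the key store too (the file is named keyStoreFile and the messages are jsse.keystore_load_failed), a keystorePass of "" now loads the key store with its integrity check skipped instead of verifying it against the empty password — an effect the commit documents only for truststorePass. Keep the empty string as a real password and map only null to null: `char[] storePass = (pass == null) ? null : pass.toCharArray();`. The IOException branch also stops logging, so whichever caller loads the key store (outside this diff) must now log a load failure itself; worth confirming it does, or a bad keystore password becomes a startup failure with no message naming the store. The enclosing try/catch and the method start and end outside this hunk.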
The password to access the trust store. The default is the value of the
javax.net.ssl.trustStorePassword
system property. If that
property is null, the value of keystorePass
is used as the
- default. If neither this attribute, the default system property nor
- keystorePass
is set, no trust store will be configured.
""
then no
+ password will be used to access the store which will aslo skip validation
+ of the trust store contents.