Could connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java use the javax.net.ssl.keyStorePassword property, if it is set, in getKeystorePassword after doing its current checks but before using the default password?

    /*
     * Gets the SSL server's keystore password.
     */
    protected String getKeystorePassword() {
        String keyPass = (String)attributes.get("keypass");
        if (keyPass == null) {
            keyPass = defaultKeyPass;
        }
        String keystorePass = (String)attributes.get("keystorePass");
        if (keystorePass == null) {
            keystorePass = System.getProperty("javax.net.ssl.keyStorePassword");
            if (keystorePass == null ) {
                keystorePass = keyPass;
            }
        }
        return keystorePass;
    }
Nice little enhancement, done.
see also Bug 38217
Hi,

The change has broken the ability to use different key stores for SSL RMI and SSL HTTP on the same host. The "keystorePass" attribute specified in the Tomcat config is replaced with the "keypass" attribute by Catalina. In org.apache.catalina.connector.Connector there is the following code:

    protected static HashMap replacements = new HashMap();
    static {
        replacements.put("acceptCount", "backlog");
        replacements.put("connectionLinger", "soLinger");
        replacements.put("connectionTimeout", "soTimeout");
        replacements.put("connectionUploadTimeout", "timeout");
        replacements.put("clientAuth", "clientauth");
        replacements.put("keystoreFile", "keystore");
        replacements.put("randomFile", "randomfile");
        replacements.put("rootFile", "rootfile");
        replacements.put("keystorePass", "keypass");
        replacements.put("keystoreType", "keytype");
        replacements.put("sslProtocol", "protocol");
        replacements.put("sslProtocols", "protocols");
    }

    /**
     * Set a configured property.
     */
    public void setProperty(String name, String value) {
        String repl = name;
        if (replacements.get(name) != null) {
            repl = (String) replacements.get(name);
        }
        IntrospectionUtils.setProperty(protocolHandler, repl, value);
    }

As a result, in JSSESocketFactory the "keystorePass" attribute is never set. Before the change, "keypass" was used, now "javax.net.ssl.keyStorePassword". But the latter contains the password for the key store specified by the "javax.net.ssl.keyStore" property.
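A stand-alone model of the interaction this comment describes, built only from the two snippets quoted in this thread. It is an added example, not Tomcat code and not part of any comment: it shows which password the quoted lookup order returns for a connector-level "keystorePass" with and without the JVM-wide property set. The class name, the sample passwords, the "changeit" stand-in for defaultKeyPass and the map-backed setProperty are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the snippets quoted in this thread; not Tomcat code.
public class KeystorePassResolution {
    // Subset of the Connector "replacements" table quoted above.
    static final Map<String, String> REPLACEMENTS = new HashMap<>();
    static {
        REPLACEMENTS.put("keystoreFile", "keystore");
        REPLACEMENTS.put("keystorePass", "keypass");
    }

    // Stand-in for defaultKeyPass (value assumed for this example).
    static final String DEFAULT_KEY_PASS = "changeit";
    final Map<String, Object> attributes = new HashMap<>();

    // Models Connector.setProperty(): the name is rewritten before it is stored.
    // Storing into a plain map replaces IntrospectionUtils (assumption).
    void setProperty(String name, String value) {
        attributes.put(REPLACEMENTS.getOrDefault(name, name), value);
    }

    // Lookup order from the proposal in the original report.
    String getKeystorePassword() {
        String keyPass = (String) attributes.get("keypass");
        if (keyPass == null) keyPass = DEFAULT_KEY_PASS;
        String keystorePass = (String) attributes.get("keystorePass");
        if (keystorePass == null) {
            keystorePass = System.getProperty("javax.net.ssl.keyStorePassword");
            if (keystorePass == null) keystorePass = keyPass;
        }
        return keystorePass;
    }

    public static void main(String[] args) {
        KeystorePassResolution connector = new KeystorePassResolution();
        connector.setProperty("keystorePass", "http-store-secret"); // constructed value

        // Attribute names actually stored after the rename.
        System.out.println("stored under:     " + connector.attributes.keySet());

        // No JVM-wide property: the lookup falls through to "keypass".
        System.clearProperty("javax.net.ssl.keyStorePassword");
        System.out.println("without property: " + connector.getKeystorePassword());

        // JVM-wide property set for a different key store (constructed value).
        System.setProperty("javax.net.ssl.keyStorePassword", "rmi-store-secret");
        System.out.println("with property:    " + connector.getKeystorePassword());
    }
}
```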
(In reply to comment #3)

If you do care, you should open a new bug report and provide enough details to reproduce the issue. Commenting on a 6-year-old issue is wrong. A lot has changed. Do not forget to mention the exact Tomcat version. Your comment does not match current Tomcat code, so I can make no sense of it.