Details
-
New Feature
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
jtsk_2.0_001
-
None
-
None
-
4981146
Description
Bugtraq ID 4981146
The JSSE trust manager used by the SSL and HTTPS endpoints assumes that the value specified for the javax.net.ssl.trustStore system property names a file, not a URL. Being able to specify an HTTPS or HTTPMD URL value for the location
of the truststore would allow the data to be stored remotely.
This change would probably also make it possible to deliver an application that stores its truststore as a resource within the application's JAR file and uses a URL to refer to the resource.
Workaround: Use the com.sun.jini.jeri.ssl.trustManagerFactoryAlgorithm system property to specify a different trust manager factory implementation, and provide an implementation that can interpret the truststore location as a URL.