Set default value for key/trust store type as constant for JDK PKCS setup #5000
+7
−4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
willyborankin
force-pushed
the
fix-ssl-config-default-keystore-type
branch
3 times, most recently
from
fb6a187 to
b8a8c94
Compare
willyborankin
requested review from
cwperks,
DarshitChanpura,
derek-ho,
nibix,
peternied,
RyanL1997 and
reta
as code owners
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #5000 +/- ##
==========================================
- Coverage 71.50% 71.40% -0.11%
==========================================
Files 334 334
Lines 22556 22556
Branches 3589 3589
==========================================
- Hits 16129 16105 -24
- Misses 4635 4661 +26
+ Partials 1792 1790 -2
|
The KeyStore.getDefaultType() method returns JKS by default for all JDK versions prior to JDK 23, which switches the default to PKCS12. Since the refactored version uses KeyStore.getDefaultType(), it could break backward compatibility with older JDK versions. Signed-off-by: Andrey Pleskach <[email protected]>
willyborankin
force-pushed
the
fix-ssl-config-default-keystore-type
branch
from
b8a8c94 to
d26846a
Compare
willyborankin
changed the title
RyanL1997
approved these changes
Dec 30, 2024
cwperks
approved these changes
Jan 2, 2025
There was a problem hiding this comment.
Thank you @willyborankin. This ensures that its consistent with the documentation: https://opensearch.org/docs/latest/security/configuration/tls/
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Jan 2, 2025
…etup (#5000) Signed-off-by: Andrey Pleskach <[email protected]> (cherry picked from commit e83db44) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
The
KeyStore.getDefaultType()method returnsJKSby default for allJDKversions prior toJDK 23,which switches the default to
PKCS12. Since the refactored version usesKeyStore.getDefaultType(), it could break backward compatibility with olderJDKversions.JDK 21 docs vs JDK23 docs
Testing
[Please provide details of testing done: unit testing, integration testing and manual testing]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.