
Key: JM-632
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Daniel Henninger
Reporter: Matt Tucker
Votes: 5
Watchers: 1
Openfire

SSL settings page should deal with empty/corrupt keystore

Created: 04/08/06 01:11 PM   Updated: 01/19/08 07:11 PM
Component/s: Admin Console
Affects Version/s: 2.6.0
Fix Version/s: 3.4.5

Time Tracking:
Not Specified

Support Plan Customer Issue: No
Resolution Date: 01/19/08 07:11 PM
Acceptance Test - Add?: No


Description
The SSL settings page should deal with an empty or corrupt key store correctly. Right now, the page simply breaks.

Comments
Stephan Wienczny - 04/06/07 11:18 AM
I need to have a key different from the one that Openfire creates to get it certified by my CA. Creating an RSA key using keytool and certifying it breaks Openfire.

This patch should change the behavior of openfire to not crash when trying to create a csr.

Index: src/java/org/jivesoftware/util/CertificateManager.java
===================================================================
— src/java/org/jivesoftware/util/CertificateManager.java (revision 7909)
+++ src/java/org/jivesoftware/util/CertificateManager.java (working copy)
@@ -326,9 +326,15 @@
PublicKey pubKey = cert.getPublicKey();

String signatureAlgorithm = "DSA".equals(pubKey.getAlgorithm()) ? "SHA1withDSA" : "MD5withRSA";
+
+ PKCS10CertificationRequest csr = null;

  • PKCS10CertificationRequest csr =
  • new PKCS10CertificationRequest(signatureAlgorithm, xname, pubKey, null, privKey);
    + try { + csr = new PKCS10CertificationRequest(signatureAlgorithm, xname, pubKey, null, privKey); + } catch (InvalidKeyException ive) { + sb.append("Cannot create certificate request."); + return sb.toString(); + }

ByteArrayOutputStream baos = new ByteArrayOutputStream();
DEROutputStream deros = new DEROutputStream(baos);
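
Review bot: in the new catch block the InvalidKeyException (ive) is never used, and the fixed text "Cannot create certificate request." is appended to sb and handed back through return sb.toString(), so the caller receives the failure as an ordinary string result and nothing records why the key was rejected. Log ive before returning, and signal the failure separately from the returned text (rethrow, or a distinct error result) so the admin console can show a real error instead of treating the message as output. Separately, the unchanged context line above still selects "MD5withRSA" for every non-DSA key; MD5-based signatures are weak, so a SHA-based signature algorithm is worth considering while this code is being touched.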


Daniel Henninger - 01/14/08 04:06 PM
If you simply do echo 1 > keystore, totally blitzes the interface too. Good to know. I'm thinking about popping up a screen that says "the keystore appears to be corrupt" or something like that with the ability to totally overwrite the current keystore with something built by Openfire.