Commit 83c47b30 authored by Guus der Kinderen's avatar Guus der Kinderen

OF-1191: Use client truststores for c2s-type connections.

parent d727b51c
package org.jivesoftware.openfire.keystore;
import org.bouncycastle.bcpg.ElGamalSecretBCPGKey;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.container.BasicModule;
import org.jivesoftware.openfire.spi.ConnectionListener;
......@@ -12,6 +13,7 @@ import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
......@@ -349,7 +351,17 @@ public class CertificateStoreManager extends BasicModule
static String getTrustStoreLocation( ConnectionType type )
{
final String propertyName = type.getPrefix() + "truststore";
final String defaultValue = "resources" + File.separator + "security" + File.separator + "truststore";
final String defaultValue;
// OF-1191: For client-oriented connection types, Openfire traditionally uses a different truststore.
if ( Arrays.asList( ConnectionType.SOCKET_C2S, ConnectionType.BOSH_C2S, ConnectionType.WEBADMIN ).contains( type ) )
{
defaultValue = "resources" + File.separator + "security" + File.separator + "client.truststore";
}
else
{
defaultValue = "resources" + File.separator + "security" + File.separator + "truststore";
}
if ( type.getFallback() == null )
{
......
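Review bot: The connection types that default to `client.truststore` are an inline list inside `getTrustStoreLocation`, so any type not named there falls through to the shared `truststore` default without that being an explicit decision. Because this default selects the set of trust anchors used for a connection type, the grouping would be easier to audit as a named constant, for example (assuming `ConnectionType` is an enum) `private static final Set<ConnectionType> CLIENT_ORIENTED = EnumSet.of( ConnectionType.SOCKET_C2S, ConnectionType.BOSH_C2S, ConnectionType.WEBADMIN );`, which also avoids building a list on every call. The `// OF-1191` comment says "traditionally" but does not say why `WEBADMIN` is grouped with the c2s types or what each store is expected to contain; one sentence on that would help an operator reviewing trust configuration. The method body continues past the end of the hunk, so how this default interacts with the `type.getFallback()` branch is not visible here.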