Use 'most appropriate' certificate when multiple are available.

Description

When the identity store contains more than one certificate, it's up to the implementation of the KeyManager factory to decide which one is actually used.

I've observed that from a store that contains two certificates, the one that is expired was picked by the default implementation.

Openfire should be modified to use an implementation that favors the 'best fit' - an unexpired certificate, for example.

Environment

None

Linked issues

is related to

OF-1218

Openfire not going through all TLS certificates

Activity

Show:

wroot March 6, 2018 at 4:23 AM

might be related, though not sure is it fixable (maybe it should pick one which patches the current domain name).

Fixed

Details
Assignee
Guus der Kinderen
Reporter
Guus der Kinderen
Components
Fix versions
4.2.3
Priority
Minor

Created March 5, 2018 at 2:19 PM

Updated March 8, 2018 at 2:56 PM

Resolved March 8, 2018 at 2:56 PM

Use 'most appropriate' certificate when multiple are available.

Description

Environment

Linked issues

is related to

Activity

wroot March 6, 2018 at 4:23 AM

DetailsAssigneeGuus der KinderenGuus der KinderenReporterGuus der KinderenGuus der KinderenComponentsFix versions4.2.3PriorityMinor

Details

Assignee

Reporter

Components

Fix versions

Priority

Details
Assignee
Guus der Kinderen
Reporter
Guus der Kinderen
Components
Fix versions
4.2.3
Priority
Minor