Use 'most appropriate' certificate when multiple are available.

Description

When the identity store contains more than one certificate, it's up to the implementation of the KeyManager factory to decide which one is actually used.

I've observed that from a store that contains two certificates, the one that is expired was picked by the default implementation.

Openfire should be modified to use an implementation that favors the 'best fit' - an unexpired certificate, for example.

Environment

None

Activity

Show:
wroot
March 6, 2018, 4:23 AM

might be related, though not sure is it fixable (maybe it should pick one which patches the current domain name).

Fixed

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Priority

Minor
Configure