Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Quarkus Vertx HTTP defines default keystore password #29573

Closed
rsvoboda opened this issue Nov 30, 2022 · 1 comment · Fixed by #30708
Closed

Quarkus Vertx HTTP defines default keystore password #29573

rsvoboda opened this issue Nov 30, 2022 · 1 comment · Fixed by #30708
Assignees
@cescoffier
Labels
area/security area/vertx kind/bug Something isn't working
Milestone
3.0.0.Alpha4

Comments

@rsvoboda
Copy link
Member

rsvoboda commented Nov 30, 2022
edited

Describe the bug

Quarkus defines default keystore password, this is imo bad practice and we should remove that.

Noticed when looking into custom CredentialsProvider related test and confirmed in #29561 description.

CC @sberyozkin
@rsvoboda rsvoboda added the kind/bug Something isn't working label Nov 30, 2022
@sberyozkin sberyozkin changed the title Quarkus defines default keystore password Quarkus Vertx HTTP defines default keystore password Nov 30, 2022
@cescoffier
Copy link
Member

I agree, this is inherited from Vert.x but we should avoid that.
I will require a change in Vert.x - as if we pass null (like no password), vert.x will use "password". I was thinking using an empty string in this case, but it's not really the same.

@vietj WDYT?

@cescoffier cescoffier added the triage/upstream Used for issues which are caused by issues in upstream projects/dependency label Jan 23, 2023
@cescoffier cescoffier removed the triage/upstream Used for issues which are caused by issues in upstream projects/dependency label Jan 30, 2023
@cescoffier cescoffier self-assigned this Jan 30, 2023
cescoffier added a commit to cescoffier/quarkus that referenced this issue Jan 30, 2023
@cescoffier
Avoids using "password" as default password when loading / reading ke…
26d36c2 
…y stores.

Fix quarkusio#29573.

This should be considered as a breaking change for users using "password" as password.
@cescoffier cescoffier mentioned this issue Jan 30, 2023
Merged
cescoffier added a commit to cescoffier/quarkus that referenced this issue Jan 30, 2023
@cescoffier
Avoids using "password" as default password when loading / reading ke…
9d426d3 
…y stores.

Fix quarkusio#29573.

This should be considered as a breaking change for users using "password" as password.
cescoffier added a commit to cescoffier/quarkus that referenced this issue Jan 31, 2023
@cescoffier
Avoids using "password" as default password when loading / reading ke…
bca49a0 
…y stores.

Fix quarkusio#29573.

This should be considered as a breaking change for users using "password" as password.
gastaldi added a commit that referenced this issue Jan 31, 2023
@gastaldi
Merge pull request #30708 from cescoffier/avoid-using-hardcoded-password
750a259 
Fix #29573
@quarkus-bot quarkus-bot bot added this to the 2.17 - main milestone Jan 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cescoffier cescoffier

Labels
area/security area/vertx kind/bug Something isn't working
Projects
None yet
Milestone
3.0.0.Alpha4
Development

Successfully merging a pull request may close this issue.

Remove default "password" for key stores cescoffier/quarkus
3 participants
@cescoffier @sberyozkin @rsvoboda