Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-28162

Allow configuration of custom S3 truststore

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.10
    • Fix Version/s: 10.10-HF54, 2021.11
    • Component/s: S3
    • Release Notes Summary:
      New configuration properties have been added to allow the configuration of a custom S3 truststore.
    • Tags:
    • Backlog priority:
      900
    • Upgrade notes:
      Hide

      New configuration properties have been added to allow the configuration of a custom S3 truststore:

      nuxeo.aws.trustStorePath=
nuxeo.aws.trustStorePassword=
nuxeo.aws.trustStoreType=
nuxeo.aws.keyStorePath=
nuxeo.aws.keyStorePassword=
nuxeo.aws.keyStoreType=
      Show
      New configuration properties have been added to allow the configuration of a custom S3 truststore: nuxeo.aws.trustStorePath= nuxeo.aws.trustStorePassword= nuxeo.aws.trustStoreType= nuxeo.aws.keyStorePath= nuxeo.aws.keyStorePassword= nuxeo.aws.keyStoreType=
    • Sprint:
      nxplatform #44, nxplatform #45, nxplatform #46
    • Story Points:
      2

      Description

      The same way MongoDB implementation allows to use a truststore different from the JVM one to initialize the SSL context, the S3 implementation should allow the same configuration, which would be specifically interesting if a self-signed CA is used.

      The implementation could follow what is described in
      https://stackoverflow.com/questions/28084399/amazon-s3-sdk-for-java-configure-tlsv1-2#28094222

        Attachments

          Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. NXP-30722 Fix NPE in S3 truststore configuration

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          depends on

          Bug - A problem which impairs or prevents the functions of the product. NXP-29796 Don't use http status 308 for batch upload's "Resume Incomplete"

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          Is referenced in

          [Captain Hook] PR for 10.10: #4948 PR for 10.10: #4948

          [Captain Hook] PR for 2021: #246 PR for 2021: #246

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 3 hours
                  2d 3h