add common crypto to ssl feature

utle · Oct 9, 2024 · 1692ecf · 1692ecf
1 parent ebaadc1
commit 1692ecf
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 2 deletions.
diff --git a/....appserver.features/visibility/public/ssl-1.0/com.ibm.websphere.appserver.ssl-1.0.feature b/....appserver.features/visibility/public/ssl-1.0/com.ibm.websphere.appserver.ssl-1.0.feature
@@ -15,6 +15,7 @@ Subsystem-Name: Secure Socket Layer 1.0
  com.ibm.ws.channel.ssl, \
  com.ibm.websphere.security, \
  com.ibm.ws.crypto.certificateutil, \
+ com.ibm.ws.crypto.common, \
  io.openliberty.wsoc.ssl.internal, \
  io.openliberty.endpoint, \
  io.openliberty.io.netty, \

diff --git a/dev/com.ibm.ws.ssl/resources/OSGI-INF/l10n/metatype.properties b/dev/com.ibm.ws.ssl/resources/OSGI-INF/l10n/metatype.properties
@@ -50,7 +50,7 @@ repertoire.MEDIUM=Cipher suites DES and 40 bit
 repertoire.LOW=Cipher suites without encryption
 repertoire.CUSTOM=Custom list of cipher suites
 repertoire.verifyHostname=Host name verification
-repertoire.verifyHostname.desc=Specifies whether host name verification for outbound connections using a specific SSL configuration is enabled. If set to true, then all outbound SSL connections that use the specified SSL configuration undergo verification of the target server host name against that server's certificate. The attribute is set to false by default.
+repertoire.verifyHostname.desc=Specifies whether host name verification for outbound connections using a specific SSL configuration is enabled. If set to true, then all outbound SSL connections that use the specified SSL configuration undergo verification of the target server host name against that server's certificate. The attribute is set to true by default.
 repertoire.skipHostnameVerificationForHosts=Skip host name verification for hosts
 repertoire.skipHostnameVerificationForHosts.desc=Specifies the hostname that allow to skip the host name verification for outbound connection using a specific SSL configuration.
 repertoire.trustDefaultCerts=Trust the default certificates

diff --git a/dev/com.ibm.ws.ssl/src/com/ibm/ws/ssl/provider/AbstractJSSEProvider.java b/dev/com.ibm.ws.ssl/src/com/ibm/ws/ssl/provider/AbstractJSSEProvider.java
@@ -117,6 +117,7 @@ protected void initialize(String keyMgr, String trustMgr, String cxtProvider, St
         this.defaultProtocol = protocolType;
 
         if (tc.isDebugEnabled()) {
+            Tr.debug(tc, "contextProvider: " + contextProvider);
             Tr.debug(tc, "defaultProtocol: " + defaultProtocol);
         }
         if (FipsUtils.isFIPSEnabled()) {

diff --git a/dev/com.ibm.ws.ssl/src/com/ibm/ws/ssl/provider/IBMJSSEProvider.java b/dev/com.ibm.ws.ssl/src/com/ibm/ws/ssl/provider/IBMJSSEProvider.java
@@ -79,7 +79,7 @@ public IBMJSSEProvider() {
 //        }
 
         if (FipsUtils.isFIPSEnabled()) {
-            if (CryptoProvider.isIBMJCEPlusFIPSAvailable() || CryptoProvider.isIBMJCEPlusFIPSAvailable()) {
+            if (CryptoProvider.isIBMJCEPlusFIPSAvailable() || CryptoProvider.isOpenJCEPlusFIPSAvailable()) {
                 initialize(JSSEProviderFactory.getKeyManagerFactoryAlgorithm(), JSSEProviderFactory.getTrustManagerFactoryAlgorithm(), Constants.IBMJSSE2_NAME, null,
                            Constants.SOCKET_FACTORY_WAS_DEFAULT, null, Constants.PROTOCOL_TLS);
             }