[jetty-dev] SslContextFactory bulletproofing

[Guillaume Maillard <guillaume.maillard@xxxxxxxxx>]

Hi,

I would like to know if you would be interested in some patchs to bulletproof SSL configuration.

Having spent hours on missing error chekcing, I would be happy to contribute on this subject.

As you know,

- sslContextFactory.setKeyStorePath accepts missing or broken keystore...

- setKeyStorePassword and setKeyManagerPassword don't report any issue if they cannot unlock the keystore...

- certAlias isnot reporting not found alias

- etc etc... the list is VERY long.

All of these kind of error don't prevent starting a Server and no logs are used to help.

The only symptom is a https server that close connection after receiving some bytes.

Forums and stackoverflow are full of deseperated users wanting to add security on their jetty,

don't you think it's time to add some debug info?

Best regards,

Guillaume Maillard