Use the system keystore by default

Default system keystore is in: $JAVA_HOME/lib/security/jssecacerts or in: $JAVA_HOME/lib/security/cacerts Custom keystore can be set either in /etc/sysconfig/gitbucket by specifying the following option: GITBUCKET_JVM_OPTS="-Djavax.net.ssl.trustStore=/path/to/your/cacerts" or in Gitbucket's System Settings.
2025-11-07 22:15:51 +01:00 · 2013-11-07 14:56:31 +00:00
parent cc241c5a7b
commit 612aba1365
4 changed files with 10 additions and 9 deletions
--- a/src/main/scala/util/LDAPUtil.scala
+++ b/src/main/scala/util/LDAPUtil.scala
@@ -14,7 +14,7 @@ import scala.annotation.tailrec
 object LDAPUtil {

  private val LDAP_VERSION: Int = LDAPConnection.LDAP_V3
-  private val logger = LoggerFactory.getLogger("LDAPUtil")
+  private val logger = LoggerFactory.getLogger(getClass().getName())

  /**
   * Try authentication by LDAP using given configuration.
@@ -27,7 +27,7 @@ object LDAPUtil {
      ldapSettings.bindDN.getOrElse(""),
      ldapSettings.bindPassword.getOrElse(""),
      ldapSettings.tls.getOrElse(false),
-      ldapSettings.keystore.getOrElse(SystemSettingsService.DefaultLdapKeystore)
+      ldapSettings.keystore.getOrElse("")
    ) match {
      case Some(conn) => {
        withConnection(conn) { conn =>
@@ -48,7 +48,7 @@ object LDAPUtil {
      userDN,
      password,
      ldapSettings.tls.getOrElse(false),
-      ldapSettings.keystore.getOrElse(SystemSettingsService.DefaultLdapKeystore)
+      ldapSettings.keystore.getOrElse("")
    ) match {
      case Some(conn) => {
        withConnection(conn) { conn =>
@@ -67,9 +67,11 @@ object LDAPUtil {
      // Dynamically set Sun as the security provider
      Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider())

-      // Dynamically set the property that JSSE uses to identify
-      // the keystore that holds trusted root certificates
-      System.setProperty("javax.net.ssl.trustStore", keystore);
+      if (keystore.compareTo("") != 0) {
+        // Dynamically set the property that JSSE uses to identify
+        // the keystore that holds trusted root certificates
+        System.setProperty("javax.net.ssl.trustStore", keystore)
+      }
    }

    val conn: LDAPConnection = new LDAPConnection(new LDAPJSSEStartTLSFactory())