The reason for this bug is that the function setCertificateKeystoreFile(String certificateKeystoreFile), which is defined in SSLHostConfigCertificate.java, is never called. So the property certificateKeystoreFile will always be the default value of DEFAULT_KEYSTORE_FILE, and thus the customized SSL file is never loaded.
Here is the definition of applySslBundle in Spring Boot 3.5.5:
    private void applySslBundle(AbstractHttp11Protocol<?> protocol, SSLHostConfig sslHostConfig, SslBundle sslBundle) {
        SslBundleKey key = sslBundle.getKey();
        SslStoreBundle stores = sslBundle.getStores();
        SslOptions options = sslBundle.getOptions();
        sslHostConfig.setSslProtocol(sslBundle.getProtocol());
        SSLHostConfigCertificate certificate = new SSLHostConfigCertificate(sslHostConfig, Type.UNDEFINED);
        String keystorePassword = (stores.getKeyStorePassword() != null) ? stores.getKeyStorePassword() : "";
        certificate.setCertificateKeystorePassword(keystorePassword);
        if (key.getPassword() != null) {
            certificate.setCertificateKeyPassword(key.getPassword());
        }
        if (key.getAlias() != null) {
            certificate.setCertificateKeyAlias(key.getAlias());
        }
        sslHostConfig.addCertificate(certificate);
        if (options.getCiphers() != null) {
            String ciphers = StringUtils.arrayToCommaDelimitedString(options.getCiphers());
            sslHostConfig.setCiphers(ciphers);
        }
        configureSslStores(sslHostConfig, certificate, stores);
        configureEnabledProtocols(sslHostConfig, options);
    }
Probably the value of certificateKeystoreFile should be set somewhere in this function. Please fix this bug in future releases. Thanks!
Comment From: bclozel
In its current form, this issue is not really helpful. Rather than sharing an incomplete analysis, can you share a minimal sample application that reproduces the problem? You can find some guidance here if needed.
Thanks!