clj-http

No support for keystore aliases.

Open mdemare opened this issue 4 months ago • 0 comments

Keystores, which clj-http supports, may contain multiple entries. To determine which one is selected, keystore aliases are used. Failing to specify an alias for a keystore with multiple entries means that the first entry is used.

The code which fails to specify an alias is the ssl-context-for-keystore function in the clj-http.conn-mgr namespace.

(.loadKeyMaterial
         ks (when keystore-pass
              (.toCharArray keystore-pass)))

uses the loadKeyMaterial method with signature java.security.KeyStore keystore, char[] keyPassword, but for alias support, the method with signature java.security.KeyStore keystore, char[] keyPassword, PrivateKeyStrategy aliasStrategy is needed. The chooseAlias method can just return the alias name if it occurs in the map, and the alias-name can be passed as keystore-alias in the arguments to ssl-context-for-keystore.

This does not apply to truststores.

mdemare Jul 16 '25 12:07
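
One way the alias selection described in the issue could look, as an added example that is not clj-http's own code and not from the issue author. It assumes the Apache HttpClient 4.x classes in `org.apache.http.ssl` (where `chooseAlias` takes the alias map and a socket); `alias-strategy` and `ssl-context-with-alias` are hypothetical names, and `keystore-alias` is the argument name proposed in the issue.

```clojure
(ns example.keystore-alias
  "Added illustration; not part of clj-http."
  (:import (java.security KeyStore)
           (java.util Map)
           (javax.net.ssl SSLContext)
           (org.apache.http.ssl PrivateKeyStrategy SSLContexts)))

(defn alias-strategy
  "Hypothetical helper: a PrivateKeyStrategy that returns `keystore-alias`
  only if it is among the aliases offered for this handshake. Returning
  nil selects no key instead of falling back to another entry."
  ^PrivateKeyStrategy [^String keystore-alias]
  (reify PrivateKeyStrategy
    (chooseAlias [_ aliases _socket]
      (when (.containsKey ^Map aliases keystore-alias)
        keystore-alias))))

(defn ssl-context-with-alias
  "Hypothetical variant of the key-material step: builds an SSLContext
  whose client key is pinned to `keystore-alias`."
  ^SSLContext [^KeyStore ks ^String keystore-pass ^String keystore-alias]
  ;; Fail fast on a misspelled or missing alias, so a wrong identity is
  ;; never presented silently.
  (when-not (.isKeyEntry ks keystore-alias)
    (throw (ex-info "Keystore has no private-key entry for alias"
                    {:keystore-alias keystore-alias})))
  (-> (SSLContexts/custom)
      ;; Three-argument overload: KeyStore, char[] keyPassword,
      ;; PrivateKeyStrategy aliasStrategy.
      (.loadKeyMaterial ks
                        (when keystore-pass (.toCharArray keystore-pass))
                        (alias-strategy keystore-alias))
      (.build)))
```

The `isKeyEntry` check turns a configuration mistake into an error at context-build time rather than a handshake that proceeds without the intended client certificate.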