Disable custom caerts by default, allow system proxies LDEV-917

lucee · Apr 1, 2021 · 1464b7f · 1464b7f
1 parent 26c2e64
commit 1464b7f
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 17 deletions.
diff --git a/core/src/main/cfml/context/admin/server.proxy.cfm b/core/src/main/cfml/context/admin/server.proxy.cfm
@@ -121,19 +121,10 @@ function doEnableProxy(enableProxy) {
 	}
 }
 </script>
-
-
-
 <table class="tbl" width="600">
-
 <cfformClassic onerror="customError" action="#request.self#?action=#url.action#" method="post">
-
-<tr>
-	<td colspan="2">#stText.proxy[request.adminType]#</td>
-</tr>
-
 <tr>
-	<td colspan="2"><h2>#stText.proxy.settings#</h2></td>
+	<td colspan="2"><h2>#stText.proxy[request.adminType]# Context #stText.proxy.settings#</h2></td>
 </tr>
 <!--- Server --->
 <tr>
@@ -229,5 +220,8 @@ function doEnableProxy(enableProxy) {
 
 </cfformClassic>
 
-</table></cfoutput>
-<br><br>
+</table>
+<br>
+<b>java.net.useSystemProxies:</b> is set to #server.system.properties["java.net.useSystemProxies"]?: " (not set)"#
+<br>
+</cfoutput>
diff --git a/core/src/main/cfml/context/admin/services.certificates.cfm b/core/src/main/cfml/context/admin/services.certificates.cfm
@@ -23,7 +23,22 @@ Defaults --->
 <cfset _host=session.certHost>
 <cfset _port=session.certPort>
 
+<cfscript>
+	LuceeTrustStore = false;
+	if ((server.system.properties["lucee.use.lucee.SSL.TrustStore"]?: false)
+			|| (server.system.environment["lucee_use_lucee_SSL_TrustStore"]?: false)){
+		LuceeTrustStore = true;
+	};
+	
+</cfscript>
 
+<cfif !LuceeTrustStore>
+	<p>
+	<b>As Lucee is currently using the JVM TrustStore/cacerts file, this functionality isn't available.</b>
+	<br><br>
+	Set the following System or Environment variables to enable: <code>lucee.use.lucee.SSL.TrustStore = true;</code>
+	</p>
+</cfif>
 
 <cftry>
 	<cfswitch expression="#form.mainAction#">

diff --git a/core/src/main/java/lucee/runtime/config/ConfigServerFactory.java b/core/src/main/java/lucee/runtime/config/ConfigServerFactory.java
@@ -254,12 +254,16 @@ private static void createContextFiles(Resource configDir, ConfigServer config,
 		create("/resource/context/admin/logging/layout/",
 				new String[] { "ClassicLayout.cfc", "HTMLLayout.cfc", "PatternLayout.cfc", "XMLLayout.cfc", "Layout.cfc", "Field.cfc", "Group.cfc" }, lay, doNew);
 
-		// Security
+		// Security / SSL
 		Resource secDir = configDir.getRealResource("security");
 		if (!secDir.exists()) secDir.mkdirs();
 		Resource res = create("/resource/security/", "cacerts", secDir, false);
-		System.setProperty("javax.net.ssl.trustStore", res.toString());
-
+		if (SystemUtil.getSystemPropOrEnvVar("lucee.use.lucee.SSL.TrustStore", "").equalsIgnoreCase("true"))
+			System.setProperty("javax.net.ssl.trustStore", res.toString());
+		// Allow using system proxies
+		if (!SystemUtil.getSystemPropOrEnvVar("lucee.disable.systemProxies", "").equalsIgnoreCase("true"))
+			System.setProperty("java.net.useSystemProxies", "true"); // it defaults to false
+
 		// Jacob
 		if (SystemUtil.isWindows()) {
 

diff --git a/loader/build.xml b/loader/build.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project default="core" basedir="." name="Lucee" xmlns:artifact="antlib:org.apache.maven.artifact.ant">
 
-  <property name="version" value="6.0.0.73-SNAPSHOT"/>
+  <property name="version" value="6.0.0.74-SNAPSHOT"/>
 
   <path id="maven-ant-tasks.classpath" path="../ant/lib/maven-ant-tasks-2.1.3.jar" />
   <typedef resource="org/apache/maven/artifact/ant/antlib.xml"

diff --git a/loader/pom.xml b/loader/pom.xml
@@ -3,7 +3,7 @@
 
   <groupId>org.lucee</groupId>
   <artifactId>lucee</artifactId>
-  <version>6.0.0.73-SNAPSHOT</version>
+  <version>6.0.0.74-SNAPSHOT</version>
   <packaging>jar</packaging>
 
   <name>Lucee Loader Build</name>