3 files changed, 29 insertions, 8 deletions

diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java
index 91967c9f16..8bc95a32f2 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/Broker.java
@@ -212,8 +212,8 @@ public class Broker
             {
                 final String keystorePath = serverConfig.getConnectorKeyStorePath();
                 final String keystorePassword = serverConfig.getConnectorKeyStorePassword();
-                final String certType = serverConfig.getConnectorCertType();
-                final SSLContext sslContext = SSLContextFactory.buildServerContext(keystorePath, keystorePassword, certType);
+                final String keyManagerFactoryAlgorithm = serverConfig.getConnectorKeyManagerFactoryAlgorithm();
+                final SSLContext sslContext = SSLContextFactory.buildServerContext(keystorePath, keystorePassword, keyManagerFactoryAlgorithm);
 
                 for(int sslPort : sslPorts)
                 {
diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
index cb6ebb9b95..d81116e454 100644
--- a/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
+++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/configuration/ServerConfiguration.java
@@ -48,6 +48,8 @@ import java.util.Locale;
 import java.util.Map;
 import java.util.Map.Entry;
 
+import javax.net.ssl.KeyManagerFactory;
+
 public class ServerConfiguration extends ConfigurationPlugin
 {
     protected static final Logger _logger = Logger.getLogger(ServerConfiguration.class);
@@ -255,6 +257,13 @@ public class ServerConfiguration extends ConfigurationPlugin
                         + (_configFile == null ? "" : " Configuration file : " + _configFile));
             }
         }
+
+        // QPID-3739 certType was a misleading name.
+        if (contains("connector.ssl.certType"))
+        {
+            _logger.warn("Validation warning: connector/ssl/certType is deprecated and must be replaced by connector/ssl/keyManagerFactoryAlgorithm"
+                    + (_configFile == null ? "" : " Configuration file : " + _configFile));
+        }
     }
 
     /*
@@ -719,9 +728,12 @@ public class ServerConfiguration extends ConfigurationPlugin
         return getStringValue("connector.ssl.keyStorePassword", fallback);
     }
 
-    public String getConnectorCertType()
+    public String getConnectorKeyManagerFactoryAlgorithm()
     {
-        return getStringValue("connector.ssl.certType", "SunX509");
+        final String systemFallback = KeyManagerFactory.getDefaultAlgorithm();
+        // deprecated, pre-0.15 brokers supported this name.
+        final String fallback = getStringValue("connector.ssl.certType", systemFallback);
+        return getStringValue("connector.ssl.keyManagerFactoryAlgorithm", fallback);
     }
 
     public String getDefaultVirtualHost()
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
index 81de6be703..abdc7f2246 100644
--- a/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
+++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/ServerConfigurationTest.java
@@ -40,6 +40,8 @@ import java.io.IOException;
 import java.io.Writer;
 import java.util.Locale;
 
+import javax.net.ssl.KeyManagerFactory;
+
 public class ServerConfigurationTest extends QpidTestCase
 {
     private XMLConfiguration _config = new XMLConfiguration();
@@ -575,17 +577,24 @@ public class ServerConfigurationTest extends QpidTestCase
         assertEquals("b", _serverConfig.getConnectorKeyStorePassword());
     }
 
-    public void testGetConnectorCertType() throws ConfigurationException
+    public void testConnectorGetKeyManagerAlgorithm() throws ConfigurationException
     {
         // Check default
         _serverConfig.initialise();
-        assertEquals("SunX509", _serverConfig.getConnectorCertType());
+        assertEquals(KeyManagerFactory.getDefaultAlgorithm(), _serverConfig.getConnectorKeyManagerFactoryAlgorithm());
 
         // Check value we set
-        _config.setProperty("connector.ssl.certType", "a");
+        _config.setProperty("connector.ssl.keyManagerFactoryAlgorithm", "a");
+        _serverConfig = new ServerConfiguration(_config);
+        _serverConfig.initialise();
+        assertEquals("a", _serverConfig.getConnectorKeyManagerFactoryAlgorithm());
+
+        // Ensure we continue to support the old name certType
+        _config.clearProperty("connector.ssl.keyManagerFactoryAlgorithm");
+        _config.setProperty("connector.ssl.certType", "b");
         _serverConfig = new ServerConfiguration(_config);
         _serverConfig.initialise();
-        assertEquals("a", _serverConfig.getConnectorCertType());
+        assertEquals("b", _serverConfig.getConnectorKeyManagerFactoryAlgorithm());
     }
 
     public void testGetHousekeepingCheckPeriod() throws ConfigurationException