Improve Certificate Store Management
Description
Activity
Guus der Kinderen January 25, 2016 at 10:47 AM
All changes from pull requests mentioned in this issue have been applied. Most of them will be part of both the 4.0.1 as well as the 4.1.0 release, with the exception of the SHA-1 to SHA-2 upgrade (which is a significant upgrade, which shouldn't go into a patch release but only in a normal release).
PR/commit details
https://github.com/igniterealtime/Openfire/pull/515 was merged without changes. Merged with master as well as with 4.0 branch.
From https://github.com/igniterealtime/Openfire/pull/514 I have created new pull requests that, combined, contain all of the commits from this pull request:
https://github.com/igniterealtime/Openfire/pull/526 contains most commits, with an additional commit that restores the 5-year-validity for self-signed certificates. Merged with master as well as with 4.0 branch.
https://github.com/igniterealtime/Openfire/pull/527 contains the commit that replaces SHA-1 with SHA-2. Although desirable, we shouldn't have such a change in a patch release. Merged with master only.
Guus der Kinderen January 19, 2016 at 10:39 AM
https://github.com/igniterealtime/Openfire/pull/514 Various improvements, including:
creation of certificates with SHA-2 signatures
use of the new Bouncy Castle API for creating certificates
reactivating the signing request feature
some bug fixes
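The two first items of that list, SHA-2 signatures and the newer Bouncy Castle builder API, together with the five-year validity for self-signed certificates mentioned elsewhere in this issue, are illustrated by the following added example. It is not code from the pull request or from Openfire; the hostname, RSA key size and the registration of the "BC" provider are assumptions, and it needs the bcpkix and bcprov jars on the classpath.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.TimeUnit;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/**
 * Added example (not Openfire code): a self-signed certificate with a SHA-2
 * signature, valid for five years, built with the Bouncy Castle PKIX API.
 */
public class SelfSignedSha2 {

    // SHA-256 with RSA replaces the SHA-1 signature scheme the issue moves away from.
    private static final String SIG_ALG = "SHA256withRSA";

    public static X509Certificate create(String fqdn, KeyPair keyPair) throws Exception {
        Security.addProvider(new BouncyCastleProvider()); // no-op if already registered

        X500Name name = new X500Name("CN=" + fqdn);       // self-signed: issuer == subject
        BigInteger serial = new BigInteger(64, new SecureRandom()); // random, non-negative serial
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(5L * 365));

        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, serial, notBefore, notAfter, name, keyPair.getPublic());

        ContentSigner signer = new JcaContentSignerBuilder(SIG_ALG)
                .setProvider("BC")
                .build(keyPair.getPrivate());

        X509CertificateHolder holder = builder.build(signer);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // assumed key size
        KeyPair kp = kpg.generateKeyPair();

        X509Certificate cert = create("xmpp.example.org", kp); // assumed hostname
        cert.verify(kp.getPublic()); // throws if the self-signature does not verify

        // The same getter can be used to audit a store carried over from an older
        // version: any entry whose signature algorithm still names SHA-1 is due for replacement.
        System.out.println("Subject:   " + cert.getSubjectX500Principal());
        System.out.println("Sig alg:   " + cert.getSigAlgName());
        System.out.println("Not after: " + cert.getNotAfter());
    }
}
```

The only line that changes between a SHA-1 and a SHA-2 certificate is the algorithm name handed to `JcaContentSignerBuilder`; everything else (subject, serial, validity window) is unaffected, which is why the signature upgrade could be separated into its own pull request.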
Guus der Kinderen January 19, 2016 at 10:38 AM
https://github.com/igniterealtime/Openfire/pull/515 is intended to make Openfire more resilient against unexpected configuration properties, and re-enables changes through the admin console.
Guus der Kinderen January 18, 2016 at 11:22 AM
https://igniterealtime.atlassian.net/browse/OF-946 introduces the option of having distinct sets of certificate stores for various connection types in Openfire. The default behavior causes the original (pre-Openfire 4.0.0) stores to be used when no others are detected.
The issues reported by users that upgrade from Openfire 3 appear to relate to instances in which the default password of the keystore has been updated, but not its location. Openfire 4.0.0 does not appear to pick this up, and assumes that all defaults (including the password) are to be used. This causes issues, which are amplified by a poor visualization of this problem in the Admin Console.
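The failure mode described in that comment (store still at its default location, but no longer opening with the default password) is exactly the case a store check should name rather than hide. The following added example, which is not Openfire's code, opens a store with the password it is configured to use and distinguishes "file missing", "wrong password" and "not a usable store"; the path, store type and password in `main` are example values, not taken from the issue.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

/**
 * Added example (not Openfire code): load a certificate store with its configured
 * password and report which failure mode applies instead of falling back to defaults.
 */
public class CertificateStoreCheck {

    public enum Status {
        OK,              // store opened with the configured password
        FILE_NOT_FOUND,  // configured location does not exist
        WRONG_PASSWORD,  // file exists but the configured password does not open it
        UNREADABLE,      // bytes are not a store of the configured type, or are damaged
        KEYSTORE_ERROR   // unsupported store type or provider problem
    }

    public static Status check(String path, String type, char[] password) {
        try (InputStream in = new FileInputStream(path)) {
            KeyStore store = KeyStore.getInstance(type);
            store.load(in, password);
            return Status.OK;
        } catch (FileNotFoundException e) {
            return Status.FILE_NOT_FOUND;
        } catch (IOException e) {
            // The JKS and PKCS12 implementations report a bad password as an IOException
            // whose cause is an UnrecoverableKeyException; any other IOException means the
            // file is not a usable store (truncated, or of a different type).
            return e.getCause() instanceof UnrecoverableKeyException
                    ? Status.WRONG_PASSWORD
                    : Status.UNREADABLE;
        } catch (GeneralSecurityException e) {
            // KeyStoreException, NoSuchAlgorithmException, CertificateException
            return Status.KEYSTORE_ERROR;
        }
    }

    public static void main(String[] args) {
        // Example values (assumed, not from the issue); pass the configured path and
        // password as arguments to check a real installation.
        String path = args.length > 0 ? args[0] : "conf/security/keystore";
        String password = args.length > 1 ? args[1] : "changeit";

        Status status = check(path, "JKS", password.toCharArray());
        System.out.println(path + ": " + status);
        if (status == Status.WRONG_PASSWORD) {
            System.out.println("Store found, but the configured password does not open it: "
                    + "correct the password property rather than recreating the store.");
        }
    }
}
```

Surfacing `WRONG_PASSWORD` as its own outcome is the point: the upgrade problem in this issue is not that the store is missing, but that a store is present and cannot be opened, and a console that shows the same error for both leaves the administrator guessing.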
In Openfire 4.0.0, certificate store management was modified extensively.
Some users report issues while upgrading from an older version of Openfire.
Also, the admin console lacks update functionality.