[jira] [Commented] (CXF-5652) WebClient with SSL: javax.net.ssl.SSLHandshakeException handshake_failure

Thu, 27 Mar 2014 09:56:45 -0700 

    [ 
https://issues.apache.org/jira/browse/CXF-5652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13949573#comment-13949573
 ] 

Sergey Beryozkin commented on CXF-5652:
---------------------------------------

I think CXF HttpConduit does not support system SSL related properties. You can 
also do with WebClient something similar to what you did with 2.0 
ClientBuilder, in fact it is internally implemented in terms of WebClient, do 
WebClient.getConfig(myclient).getHttpConduit() and proceed from there. 
CXF client runtime may have many clients talking to many targets and CXF offers 
per-client specific configuration, if needed with the wildcard option. 

I think it is a won't fix issue. Dan, do you agree or should we consider 
updating HttpConduit to optionally support system properties ?



> WebClient with SSL: javax.net.ssl.SSLHandshakeException handshake_failure
> -------------------------------------------------------------------------
>
>                 Key: CXF-5652
>                 URL: https://issues.apache.org/jira/browse/CXF-5652
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS
>    Affects Versions: 3.0.0-milestone2
>            Reporter: Vjacheslav Borisov
>            Priority: Minor
>
> I got error when using WebClient with SSL using client certificate:
> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
> I found a way to fix this error
>             KeyStore keyStore = KeyStore.getInstance("JKS");
>             String trustpass = "chageit";
>             File truststore = new 
> File("/home/slavb/.java/deployment/security/trusted.clientcerts");
>             keyStore.load(new FileInputStream(truststore), 
> trustpass.toCharArray());
>             KeyStore ts = KeyStore.getInstance("JKS");
>             truststore = new File("/etc/ssl/certs/trusted.cacerts");
>             ts.load(new FileInputStream(truststore), "".toCharArray());
>             Client client = ClientBuilder.newBuilder().keyStore(keyStore, 
> trustpass).
>                     trustStore(ts).build();
> And I have question, why WebClient is not working like embedded in java 
> URLConnection or 
> apache http client when I specify system properties
> -Djavax.net.ssl.trustStore=/etc/ssl/certs/trusted.cacerts 
> -Djavax.net.ssl.keyStore=/home/slavb/.java/deployment/security/trusted.clientcerts
>  
> -Djavax.net.ssl.keyStorePassword=changeit
> (i got error javax.net.ssl.SSLHandshakeException: Received fatal alert: 
> handshake_failure when using SSL web client)
> Why it is need to configure ssl in code?



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to