Hello,

Would it be possible to make the TrustManager optional for Netty SSL
support? I made a change in my local version of camel-netty and it works for
me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement
for the original SSLEngineFactory constructor):

public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
        super();

        // Load the key store holding this endpoint's own key and certificate.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, passphrase);

        sslContext = SSLContext.getInstance(SSL_PROTOCOL);

        if (trustStoreFile != null)
        {
                // Trust store supplied: build the TrustManagers from it.
                KeyStore ts = KeyStore.getInstance("JKS");
                ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);

                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
                tmf.init(ts);
                sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        }
        else
        {
                // No trust store supplied: pass null for the TrustManager array.
                sslContext.init(kmf.getKeyManagers(), null, null);
        }
    }

I ask for this as I have to contact a server where SSL will not work
properly if a TrustManager is installed. If this could go in before CAMEL
2.3 it would be much appreciated.

A couple of questions about the netty implementation:

(1) Is there a reason why JKS was hardcoded here, rather than allowing the
key store format to be configured?

(2) When I add the TrustManager using netty for the connection where it
could not be used, netty throws no exception and the connection remains
open, but the messages I send do not get to the server. If I connect
directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is
there something I am missing here?

thanks in advance,
Gareth Collins
-- 
View this message in context: 
http://old.nabble.com/Make-TrustManager-Optional-When-Using-SSL-For-Netty-tp28186386p28186386.html
Sent from the Camel - Users mailing list archive at Nabble.com.
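
Added example (not part of the original message and not camel-netty code): per the SSLContext.init Javadoc, a null TrustManager array makes JSSE search the installed providers for the default implementation, so peer certificates are still validated against the JVM's default trust anchors. The sketch below goes beyond the posted constructor by making the key store type a parameter and selecting the defaults explicitly; the class and method names are hypothetical, and the empty in-memory PKCS12 key store is constructed for the demonstration.

```java
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example: class and method names are hypothetical, not camel-netty API.
public class OptionalTrustStoreDemo {

    // A null trustStore initialises the factory with the JVM default trust
    // anchors (cacerts, or the store named by javax.net.ssl.trustStore).
    static TrustManager[] trustManagers(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    // Builds a context from an already loaded key store; the trust store is optional.
    static SSLContext build(KeyStore keyStore, char[] keyPass, KeyStore trustStore)
            throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), trustManagers(trustStore), null);
        return ctx;
    }

    // Counts the CA certificates the given trust managers will accept.
    static int anchorCount(TrustManager[] tms) {
        int n = 0;
        for (TrustManager tm : tms) {
            if (tm instanceof X509TrustManager) {
                n += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty key store of a configurable type.
        String type = args.length > 0 ? args[0] : "PKCS12";
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);

        SSLContext ctx = build(ks, new char[0], null);
        System.out.println("protocol: " + ctx.getProtocol());
        System.out.println("default trust anchors in effect: "
            + anchorCount(trustManagers(null)));
    }
}
```

A non-zero anchor count means a server certificate that does not chain to one of those anchors is still rejected during the handshake when no trust store file is given.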