Re: [PR] CAMEL-23445: camel-elasticsearch-rest-client - Add SSLContextParameters support for TLS configuration [camel]

Fri, 12 Jun 2026 00:38:08 -0700 


oscerd commented on code in PR #23967:
URL: https://github.com/apache/camel/pull/23967#discussion_r3401548171


##########
components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientProducer.java:
##########
@@ -380,18 +380,27 @@ private RestClient createClient() throws Exception {
         builder.setRequestConfigCallback(requestConfigBuilder -> 
requestConfigBuilder
                 
.setConnectTimeout(this.endpoint.getConnectionTimeout()).setSocketTimeout(this.endpoint.getSocketTimeout()));
 
-        if (this.endpoint.getUser() != null && this.endpoint.getPassword() != 
null) {
-            final CredentialsProvider credentialsProvider = new 
BasicCredentialsProvider();
-            credentialsProvider.setCredentials(AuthScope.ANY,
-                    new UsernamePasswordCredentials(this.endpoint.getUser(), 
this.endpoint.getPassword()));
-            builder.setHttpClientConfigCallback(httpClientBuilder -> {
+        builder.setHttpClientConfigCallback(httpClientBuilder -> {
+            if (this.endpoint.getUser() != null && this.endpoint.getPassword() 
!= null) {
+                final CredentialsProvider credentialsProvider = new 
BasicCredentialsProvider();
+                credentialsProvider.setCredentials(AuthScope.ANY,
+                        new 
UsernamePasswordCredentials(this.endpoint.getUser(), 
this.endpoint.getPassword()));
                 
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
-                if (this.endpoint.getCertificatePath() != null) {
-                    httpClientBuilder.setSSLContext(createSslContextFromCa());
+            }
+            if (this.endpoint.getSslContextParameters() != null) {
+                // Use SSLContextParameters (allows configuring named groups, 
signature schemes, cipher suites and
+                // protocols), e.g. for post-quantum readiness on JDK 25+
+                try {
+                    httpClientBuilder.setSSLContext(
+                            
this.endpoint.getSslContextParameters().createSSLContext(getEndpoint().getCamelContext()));
+                } catch (Exception e) {
+                    throw new RuntimeException("Failed to create SSLContext 
from SSLContextParameters", e);
                 }

Review Comment:
   Thanks — added an upgrade-guide entry to `camel-4x-upgrade-guide-4_21.adoc` 
(commit b721b8a6e8e) documenting the new `sslContextParameters` option and its 
precedence (explicit > global > `certificatePath`), and the behavioral change 
where `certificatePath` now applies independently of `user`/`password`. The 
entry also covers the sibling camel-elasticsearch (CAMEL-23444) and camel-solr 
(CAMEL-23446) changes from the same sweep.
   
   _Claude Code on behalf of Andrea Cosentino_



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to