allow for the SSLContext's default trust manager to be used.
Project: http://git-wip-us.apache.org/repos/asf/mina-vysper/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-vysper/commit/2f95d013 Tree: http://git-wip-us.apache.org/repos/asf/mina-vysper/tree/2f95d013 Diff: http://git-wip-us.apache.org/repos/asf/mina-vysper/diff/2f95d013 Branch: refs/heads/master Commit: 2f95d01327e3033f45cbc24e4a2fdb64f295416c Parents: 19fd1b6 Author: Bernd Fondermann <[email protected]> Authored: Mon Jul 1 12:47:44 2013 +0200 Committer: Bernd Fondermann <[email protected]> Committed: Mon Jul 1 12:47:44 2013 +0200 ---------------------------------------------------------------------- .../xmpp/cryptography/AbstractTLSContextFactory.java | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-vysper/blob/2f95d013/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/AbstractTLSContextFactory.java ---------------------------------------------------------------------- diff --git a/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/AbstractTLSContextFactory.java b/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/AbstractTLSContextFactory.java index 4e92059..f26cc92 100644 --- a/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/AbstractTLSContextFactory.java +++ b/server/core/src/main/java/org/apache/vysper/xmpp/cryptography/AbstractTLSContextFactory.java @@ -27,6 +27,7 @@ import java.security.Security; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; /** * derived from MINA's BogusSSLContextFactory. @@ -57,9 +58,9 @@ public abstract class AbstractTLSContextFactory implements TLSContextFactory { private String keystoreType = DEFAULT_KEYSTORE_TYPE; - protected TrustManagerFactory trustManagerFactory = new BogusTrustManagerFactory(); + protected TrustManagerFactory trustManagerFactory = null; - // NOTE: The keystore was generated using keytool: + // NOTE: The keystore 'bogus_mina_tls.cert' was generated using keytool: // keytool -genkey -alias bogus -keysize 512 -validity 3650 // -keyalg RSA -dname "CN=bogus.com, OU=XXX CA, // O=BogusTrustManagerFactory Inc, L=Stockholm, S=Stockholm, C=SE" @@ -108,7 +109,13 @@ public abstract class AbstractTLSContextFactory implements TLSContextFactory { // Initialize the SSLContext to work with our key managers. SSLContext sslContext = SSLContext.getInstance(PROTOCOL); - sslContext.init(kmf.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); + + TrustManager[] trustManagers = null; // this is the default + if (trustManagerFactory != null) { + // override the default with configured ones + trustManagers = trustManagerFactory.getTrustManagers(); + } + sslContext.init(kmf.getKeyManagers(), trustManagers, null); return sslContext; }
