[jira] [Commented] (CAMEL-15729) Graphql integration does not allow for TLS using private CAs

Tue, 07 Jan 2025 05:22:04 -0800 


    [ 
https://issues.apache.org/jira/browse/CAMEL-15729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17910632#comment-17910632
 ] 

Claus Ibsen commented on CAMEL-15729:
-------------------------------------

Yeah it uses apache http client v5 and we would need to add support for setting 
up TLS/SSL with this client.

You can create a custom client and configure it and use that with Camel until 
there is something easier out of the box.

> Graphql integration does not allow for TLS using private CAs
> ------------------------------------------------------------
>
>                 Key: CAMEL-15729
>                 URL: https://issues.apache.org/jira/browse/CAMEL-15729
>             Project: Camel
>          Issue Type: New Feature
>          Components: camel-graphql
>    Affects Versions: 3.6.0
>         Environment: OCP 4.5 on X using Apache Camel Operator 1.2.0, but 
> other environments apply as well.
>            Reporter: Tim Kaczynski
>            Priority: Minor
>             Fix For: 4.x
>
>
> This enhancement request was generated from a question on zulipchat:
> [https://camel.zulipchat.com/#narrow/stream/257298-camel/topic/Adding.20a.20trustStore.20for.20graphql/near/213944005]
> We are writing an integration that needs to produce messages to a graphql 
> server.  The graphql server is using TLS and its certificate was generated by 
> an internal CA.  There does not appear to be a way to provide a trust store 
> to the graphql producer, like there is for say the Kafka integrations.  
> Connections to graphql fail due to the inability to build a trusted 
> certificate chain.
> Possible non-trivial solutions include assuming the graphql integration is 
> using the apache HTTP client, and setting up a new protocol that uses a 
> custom trust store.  Also (using camel-k) using the JVM taint to alter the 
> JSSE configuration / java properties, adding a trust store containing the CA. 
>  However both of these solutions require assumptions about the implementation 
> that may not always be true (and we have not tested them yet).  Could also 
> use the HTTP[4] integration directly to talk to graphql but this requires 
> coding the REST request manually.
> If there were a parameter on the graphql integration where we could input a 
> trust store, type, and password, that would be an ideal solution.  Or perhaps 
> some other way of modifying the default trust store using camel-k (this would 
> benefit all integrations).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to