In a recent upgrade from Jetty 8 (8.1.8.v20121106) to Jetty 9 (9.2.13.v20150730), it seems that code for trusting all SSL certificates is no longer working.
We do not always want to trust all certificates and so cannot use the SSLContextFactory(trustAll) constructor. The SSL ServerConnector is set up as demonstrated in this example:

http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java

After the application is up and running, there may be a specific use case in which the user will need to start trusting all certificates, in which case an all-trusting TrustManager is set up:

    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[]{
        new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
            public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
            }
            public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
            }
        }};

    // Install the all-trusting trust manager
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, null);
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    // Create all-trusting host name verifier
    HostnameVerifier allHostsValid = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    // Install the all-trusting host verifier
    HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);

    // set flag to true so that the process is not repeated
    sslDisabled = true;

Is there something specific with this version that will cause this not to work anymore?

Thanks,
Melissa
