> private final TrustManager[] trustManager;
> private final Supplier<Credentials> creds;
>
> @Inject
> - SSLContextWithKeysSupplier(Supplier<KeyStore> keyStore, @Provider
> Supplier<Credentials> creds, HttpUtils utils,
> - TrustAllCerts trustAllCerts) {
> - this.keyStore = keyStore;
> - this.trustManager = utils.trustAllCerts() ? new TrustManager[] {
> trustAllCerts } : null;
> + SSLContextWithKeysSupplier(@Provider Supplier<Credentials> creds,
> TrustAllCerts trustAllCerts) {
> + this.trustManager = new TrustManager[]{trustAllCerts};
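Review bot: The added assignment `this.trustManager = new TrustManager[]{trustAllCerts};` installs the trust-all manager unconditionally, so the `utils.trustAllCerts()` check in the removed lines no longer gates it and the setting stops having any effect on certificate validation. Keep the `HttpUtils` parameter and the conditional, `utils.trustAllCerts() ? new TrustManager[] { trustAllCerts } : null`, so that `null` selects the default TrustManager when the user has not opted in.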
Trusting all certificates is not related to self-signed certificates. A
TrustManager *tells* the JVM if it can trust a server certificate or not,
regardless of how those certificates are signed or generated. Instructing the
JVM to "trust every single certificate you are presented" is not a good
approach to trust one particular certificate just because it is self-signed.
You should install the trust all certs if the users have configured that, or
configure the default one (by passing `null`, read the [SSLContext#init
javadocs](http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLContext.html#init(javax.net.ssl.KeyManager[],%20javax.net.ssl.TrustManager[],%20java.security.SecureRandom))).
This way the appropriate default TrustManager will be picked and users that
don't use the "trust-all-certs" thing will be able to install just the
certificates they trust.
---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs/pull/113/files#r21887247
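The selection described in the comment above, as an added example that is not part of the pull request or of jclouds: the class and method names (`TrustSelection`, `select`, `pinned`, `context`) and the alias `pinned-server` are hypothetical. It goes one step beyond the comment by also showing how to trust exactly one self-signed certificate through an in-memory trust store instead of trusting every certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public final class TrustSelection {

    // optIn: the user's explicit "trust all certs" setting (hypothetical flag).
    // trustAll: a permissive manager such as the TrustAllCerts seen in the diff.
    static TrustManager[] select(boolean optIn, TrustManager trustAll) {
        // Returning null makes SSLContext.init() pick the default TrustManager,
        // which validates against the JVM's configured trust store.
        return optIn ? new TrustManager[] { trustAll } : null;
    }

    // Trust one specific certificate (for example a self-signed one) and nothing else.
    static TrustManager[] pinned(InputStream certStream) throws Exception {
        Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(certStream);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty in-memory store
        ks.setCertificateEntry("pinned-server", cert);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    static SSLContext context(TrustManager[] trustManagers) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null key managers and null SecureRandom also select the defaults
        ctx.init(null, trustManagers, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // No opt-in: the default trust manager stays in charge.
        SSLContext ctx = context(select(false, null));
        if (args.length > 0) { // optional path to a PEM or DER certificate to pin
            try (InputStream in = new FileInputStream(args[0])) {
                ctx = context(pinned(in));
            }
        }
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```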