Re: Make TrustManager Optional When Using SSL For Netty

Mon, 12 Apr 2010 07:15:40 -0700 

Hi,

I have committed a fix based on your change request. You should be able to
now checkout the latest changes from the trunk. 

Cheers,

Ashwin...


Gareth Collins wrote:
> 
> Hello,
> 
> Would it be possible to make the TrustManager optional for Netty SSL
> support? I made a change in my local version of camel-netty and it works
> for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory -
> replacement for the original SSLEngineFactory constructor):
> 
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[]
> passphrase) throws Exception {
>         super();        
>         
>         KeyStore ks = KeyStore.getInstance("JKS");
>         
>         ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>         
>         KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
>         kmf.init(ks, passphrase);
>         
>         sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>         
>         
>         if (trustStoreFile != null)
>         {
>         
>               KeyStore ts = KeyStore.getInstance("JKS");
> 
>               ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> 
>               TrustManagerFactory tmf =
> TrustManagerFactory.getInstance("SunX509");
>               tmf.init(ts);
>               sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(),
> null);
>         }
>         else
>         {
>               sslContext.init(kmf.getKeyManagers(), null, null);
>         }
>     }
> 
> I ask for this as I have to contact a server where SSL will not work
> properly if a TrustManager is installed. If this could go in before CAMEL
> 2.3 it would be much appreciated.
> 
> A couple of questions about the netty implementation:
> 
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the
> key store format to be configured?
> 
> (2) When I add the TrustManager using netty for the connection where it
> could not be used, netty throws me no exception, the connection remains
> open, but the messages I send do not get to the server. If I connect
> directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException.
> Is there something I am missing here?
> 
> thanks in advance,
> Gareth Collins
> 


-----
--- 
Ashwin Karpe, Principal Consultant, PS - Opensource Center of Competence 
Progress Software Corporation
14 Oak Park Drive
Bedford, MA 01730
--- 
+1-972-304-9084 (Office) 
+1-972-971-1700 (Mobile) 
---- 
Blog: http://opensourceknowledge.blogspot.com/


-- 
View this message in context: 
http://old.nabble.com/Make-TrustManager-Optional-When-Using-SSL-For-Netty-tp28186386p28218349.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Reply via email to