Hi

Do you really need to use Jetty? If you use Spring Boot or Quarkus, they come with an HTTP server which you can configure for TLS/SSL more easily than Jetty.

On Mon, Sep 18, 2023 at 12:30 PM Fyodor Kravchenko <f...@vsetec.com> wrote:

> Hello,
>
> I'm missing how do I set up the new Jetty in Camel 4 to let me access
> the localhost via SSL while developing or when needed for other
> purposes. I'm getting the "org.eclipse.jetty.http.BadMessageException:
> 400: Invalid SNI" error.
>
> I'm configuring the SSL as the following:
>
>     JettyHttpComponent jetty = _camel.getComponent(JETTY, JettyHttpComponent.class);
>
>     // ssl
>     File keyStoreFile = new File(_properties.getProperty("keystoreFile", "sborex.jks"));
>     if (keyStoreFile.exists()) {
>         String keystorePassword = _properties.getProperty("keystorePassword", "defaultPassword");
>         SSLContextParameters scp = new SSLContextParameters();
>         KeyStoreParameters ksp = new KeyStoreParameters();
>         try (var stream = Files.newInputStream(Path.of(keyStoreFile.getPath()))) {
>             KeyStore ks = KeyStore.getInstance(_properties.getProperty("keystoreType", "jks"));
>             ks.load(stream, keystorePassword.toCharArray());
>             ksp.setKeyStore(ks);
>         } catch (Exception e) {
>             throw new RuntimeException(e);
>         }
>
>         KeyManagersParameters kmp = new KeyManagersParameters();
>         kmp.setKeyStore(ksp);
>         kmp.setKeyPassword(_properties.getProperty("keyPassword"));
>         scp.setKeyManagers(kmp);
>         SecureRequestCustomizer src = new SecureRequestCustomizer(false);
>         src.setSniRequired(false); // found this in StackOverflow. Now what?
>         jetty.setSslContextParameters(scp);
>     }
>
> I've read somewhere that we have to switch off the SNI check for Jetty
> through some Secure Request Customizer, but I fail to understand how do
> I pass it to the Jetty server; or maybe there is a more generic API for
> doing that through the JSSE?
> https://camel.apache.org/manual/camel-configuration-utilities.html
>
> Thanks!
>

--
Claus Ibsen
-----------------
@davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
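
Where a SecureRequestCustomizer attaches in plain embedded Jetty (10 or later), as an added example that is not part of the original thread and does not go through Camel's JettyHttpComponent. The class name, port 8443, the loopback bind and the reuse of one password for store and key are assumptions; the keystore defaults are those in the quoted code.

```java
import java.nio.file.Path;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

// Added example: plain embedded Jetty, not Camel's JettyHttpComponent.
public class LocalTlsJetty {

    static final int PORT = 8443; // assumed development port, not from the thread

    static Server build(String keystorePath, String keystoreType, String password) {
        // Key material only: this part corresponds to the SSLContextParameters in the question.
        SslContextFactory.Server tls = new SslContextFactory.Server();
        tls.setKeyStorePath(Path.of(keystorePath).toAbsolutePath().toString());
        tls.setKeyStoreType(keystoreType);
        tls.setKeyStorePassword(password);
        tls.setKeyManagerPassword(password); // assumption: key password equals store password

        // The SNI checks are HTTP-layer settings, so they are not carried by the SSLContext.
        // Constructor argument false turns off the host-versus-certificate check.
        SecureRequestCustomizer src = new SecureRequestCustomizer(false);
        src.setSniRequired(false); // accept handshakes that carry no SNI extension

        // The customizer takes effect only once added to the connector's HttpConfiguration.
        HttpConfiguration https = new HttpConfiguration();
        https.setSecureScheme("https");
        https.setSecurePort(PORT);
        https.addCustomizer(src);

        Server server = new Server();
        ServerConnector connector = new ServerConnector(server,
                new SslConnectionFactory(tls, "http/1.1"),
                new HttpConnectionFactory(https));
        connector.setHost("127.0.0.1"); // loopback only, so the relaxed check is not exposed
        connector.setPort(PORT);
        server.addConnector(connector);
        return server;
    }

    public static void main(String[] args) throws Exception {
        Server server = build("sborex.jks", "jks", "defaultPassword");
        server.start();
        server.join();
    }
}
```

The host check compares the request's host name against the names in the certificate Jetty selected, so a development certificate that lists localhost lets the check stay enabled instead.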