Hi
Do you really need to use Jetty? If you use Spring Boot or Quarkus they
come with HTTP server which you can configure for TLS/SSL more easier than
Jetty.
On Mon, Sep 18, 2023 at 12:30 PM Fyodor Kravchenko <f...@vsetec.com> wrote:
> Hello,
>
> I'm missing how do I set up the new Jetty in Camel 4 to let me access
> the localhost via SSL while developing or when needed for other
> purposes. I'm getting the "org.eclipse.jetty.http.BadMessageException:
> 400: Invalid SNI" error.
>
> I'm configuring the SSL as the following:
>
> JettyHttpComponent jetty = _camel.getComponent(JETTY,
> JettyHttpComponent.class);
>
> // ssl
> File keyStoreFile = new
> File(_properties.getProperty("keystoreFile", "sborex.jks"));
> if (keyStoreFile.exists()) {
> String keystorePassword =
> _properties.getProperty("keystorePassword", "defaultPassword");
> SSLContextParameters scp = new SSLContextParameters();
> KeyStoreParameters ksp = new KeyStoreParameters();
> try (var stream =
> Files.newInputStream(Path.of(keyStoreFile.getPath()))) {
> KeyStore ks =
> KeyStore.getInstance(_properties.getProperty("keystoreType", "jks"));
> ks.load(stream, keystorePassword.toCharArray());
> ksp.setKeyStore(ks);
> }catch(Exception e){
> throw new RuntimeException(e);
> }
>
> KeyManagersParameters kmp = new KeyManagersParameters();
> kmp.setKeyStore(ksp);
> kmp.setKeyPassword(_properties.getProperty("keyPassword"));
> scp.setKeyManagers(kmp);
> SecureRequestCustomizer src = new
> SecureRequestCustomizer(false);
> src.setSniRequired(false); // found this in StackOverflow.
> Now what?
> jetty.setSslContextParameters(scp);
> }
>
> I've read somewhere that we have to switch off the SNI check for Jetty
> through some Secure Request Customizer, but I fail to understand how do
> I pass it to the Jetty server; or maybe there is a more generic API for
> doing that through the JSSE?
> https://camel.apache.org/manual/camel-configuration-utilities.html
>
>
> Thanks!
>
>
--
Claus Ibsen
-----------------
@davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
