Re: Jetty and the Invalid SNI

Thu, 21 Sep 2023 06:35:31 -0700 

Hello,
I don't really want to use Jetty, but I'm currently migrating my project that uses Jetty from Camel 2 via 3 to 4. I'll be able to use something different when it starts working with Jetty so I'm able to fix every other functionality before switching to a different web server. Unfortunately I don't use Spring or Quarkus, but it has to be able to run standalone for the time being. I'm looking into Undertow because it offers the websockets like Jetty seemed to offer previously, but first I have to make Jetty work. 


On 21.09.2023 11:32, Claus Ibsen wrote:

Hi

Do you really need to use Jetty? If you use Spring Boot or Quarkus they
come with HTTP server which you can configure for TLS/SSL more easier than
Jetty.

On Mon, Sep 18, 2023 at 12:30 PM Fyodor Kravchenko <f...@vsetec.com> wrote:


Hello,

I'm missing how do I set up the new Jetty in Camel 4 to let me access
the localhost via SSL while developing or when needed for other
purposes. I'm getting the "org.eclipse.jetty.http.BadMessageException:
400: Invalid SNI" error.

I'm configuring the SSL as the following:

          JettyHttpComponent jetty = _camel.getComponent(JETTY,
JettyHttpComponent.class);

          // ssl
          File keyStoreFile = new
File(_properties.getProperty("keystoreFile", "sborex.jks"));
          if (keyStoreFile.exists()) {
              String keystorePassword =
_properties.getProperty("keystorePassword", "defaultPassword");
              SSLContextParameters scp = new SSLContextParameters();
              KeyStoreParameters ksp = new KeyStoreParameters();
              try (var stream =
Files.newInputStream(Path.of(keyStoreFile.getPath()))) {
                  KeyStore ks =
KeyStore.getInstance(_properties.getProperty("keystoreType", "jks"));
                  ks.load(stream, keystorePassword.toCharArray());
                  ksp.setKeyStore(ks);
              }catch(Exception e){
                  throw new RuntimeException(e);
              }

              KeyManagersParameters kmp = new KeyManagersParameters();
              kmp.setKeyStore(ksp);
kmp.setKeyPassword(_properties.getProperty("keyPassword"));
              scp.setKeyManagers(kmp);
              SecureRequestCustomizer src = new
SecureRequestCustomizer(false);
              src.setSniRequired(false); // found this in StackOverflow.
Now what?
              jetty.setSslContextParameters(scp);
          }

I've read somewhere that we have to switch off the SNI check for Jetty
through some Secure Request Customizer, but I fail to understand how do
I pass it to the Jetty server; or maybe there is a more generic API for
doing that through the JSSE?
https://camel.apache.org/manual/camel-configuration-utilities.html


Thanks!
























					Reply via email to