Hi,
I have a test-scenario with an endpoint with no TLS configuration, and a
client with a http conduit configured with a trust manager, e.g:
<http:tlsClientParameters>
<cxfsec:trustManagers>
<cxfsec:certStore resource="... "/>
</cxfsec:trustManagers>
</http:tlsClientParameters>
With CXF 2.1, an invocation fails with:
Caused by: java.io.IOException: Illegal Protocol http for HTTPS
URLConnection Factory.
In other words, the tlsClientParameters configuration is taken as
requiring that communication takes place with the endpoint over TLS, and
as the endpoint has no TLS configuration the invocation fails.
However, with CXF 2.2 this invocation passes with no exception. Is this
a deliberate or inadvertent change? How does the client enforce that TLS
is used?
Colm.
