You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@camel.apache.org by "Claus Ibsen (Jira)" <ji...@apache.org> on 2022/09/02 17:14:00 UTC

[jira] [Updated] (CAMEL-15729) Graphql integration does not allow for TLS using private CAs

     [ https://issues.apache.org/jira/browse/CAMEL-15729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Claus Ibsen updated CAMEL-15729:
--------------------------------
    Priority: Minor  (was: Major)

> Graphql integration does not allow for TLS using private CAs
> ------------------------------------------------------------
>
>                 Key: CAMEL-15729
>                 URL: https://issues.apache.org/jira/browse/CAMEL-15729
>             Project: Camel
>          Issue Type: New Feature
>          Components: camel-graphql
>    Affects Versions: 3.6.0
>         Environment: OCP 4.5 on X using Apache Camel Operator 1.2.0, but other environments apply as well.
>            Reporter: Tim Kaczynski
>            Priority: Minor
>
> This enhancement request was generated from a question on zulipchat:
> [https://camel.zulipchat.com/#narrow/stream/257298-camel/topic/Adding.20a.20trustStore.20for.20graphql/near/213944005]
> We are writing an integration that needs to produce messages to a graphql server.  The graphql server is using TLS and its certificate was generated by an internal CA.  There does not appear to be a way to provide a trust store to the graphql producer, like there is for say the Kafka integrations.  Connections to graphql fail due to the inability to build a trusted certificate chain.
> Possible non-trivial solutions include assuming the graphql integration is using the apache HTTP client, and setting up a new protocol that uses a custom trust store.  Also (using camel-k) using the JVM taint to alter the JSSE configuration / java properties, adding a trust store containing the CA.  However both of these solutions require assumptions about the implementation that may not always be true (and we have not tested them yet).  Could also use the HTTP[4] integration directly to talk to graphql but this requires coding the REST request manually.
> If there were a parameter on the graphql integration where we could input a trust store, type, and password, that would be an ideal solution.  Or perhaps some other way of modifying the default trust store using camel-k (this would benefit all integrations).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)