You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@camel.apache.org by "Ashwin Karpe (JIRA)" <ji...@apache.org> on 2010/04/09 04:09:08 UTC
[jira] Created: (CAMEL-2625) Improvements and minor change requests
to camel-netty
Improvements and minor change requests to camel-netty
-----------------------------------------------------
Key: CAMEL-2625
URL: https://issues.apache.org/activemq/browse/CAMEL-2625
Project: Apache Camel
Issue Type: Improvement
Reporter: Ashwin Karpe
Fix For: 2.3.0
(Request by Gareth Collins via nabble request...)
Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
super();
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase);
sslContext = SSLContext.getInstance(SSL_PROTOCOL);
if (trustStoreFile != null)
{
KeyStore ts = KeyStore.getInstance("JKS");
ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
}
else
{
sslContext.init(kmf.getKeyManagers(), null, null);
}
}
I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
A couple of questions about the netty implementation:
(1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
(2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (CAMEL-2625) Improvements and minor change requests
to camel-netty
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ashwin Karpe updated CAMEL-2625:
--------------------------------
Attachment: (was: CAMEL-2625-Netty-Patch.diff)
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
> Attachments: CAMEL-2625-Netty.patch, CAMEL-2625-netty.zip
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CAMEL-2625) Improvements and minor change
requests to camel-netty
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58875#action_58875 ]
Ashwin Karpe commented on CAMEL-2625:
-------------------------------------
Hi Claus,
I have updated the WIKI with the 2 setting and am marking this issue as resolved.
Cheers,
Ashwin...
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
> Attachments: CAMEL-2625-Netty.patch, CAMEL-2625-netty.zip
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Work started: (CAMEL-2625) Improvements and minor change
requests to camel-netty
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on CAMEL-2625 started by Ashwin Karpe.
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (CAMEL-2625) Improvements and minor change requests
to camel-netty
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ashwin Karpe updated CAMEL-2625:
--------------------------------
Attachment: CAMEL-2625-camel-netty.zip
CAMEL-2625-Netty-Patch.diff
Hi Claus & Gareth,
I have attached a patch and zip file containing the updated camel-netty component.
I have made the changes to the SSL functionality you requested. I have also made the Keystore Format and Security Provider configurable.
As for the final issue, I am not quite sure on how to reproduce it and need further guidance.
I have performed the checkstyle checks and tested the code to see whether all the tests go through.... Could you please review and let me know if I can go ahead and commit this patch.
Cheers,
Ashwin...
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
> Attachments: CAMEL-2625-camel-netty.zip, CAMEL-2625-Netty-Patch.diff
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (CAMEL-2625) Improvements and minor change
requests to camel-netty
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ashwin Karpe reassigned CAMEL-2625:
-----------------------------------
Assignee: Ashwin Karpe
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CAMEL-2625) Improvements and minor change
requests to camel-netty
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58716#action_58716 ]
Claus Ibsen commented on CAMEL-2625:
------------------------------------
And Ashwin could you take a look at this request about the disconnect option, which may be missing?
http://old.nabble.com/Disconnect-option-in-Netty-component-ts28175724.html
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
> Attachments: CAMEL-2625-camel-netty.zip, CAMEL-2625-Netty-Patch.diff
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CAMEL-2625) Improvements and minor change
requests to camel-netty
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58754#action_58754 ]
Ashwin Karpe commented on CAMEL-2625:
-------------------------------------
Claus,
BTW, I am modifyting the patch above with your recommendations and will commit the code later today. I will also update the documentation accoringly.
Cheers,
Ashwin...
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
> Attachments: CAMEL-2625-camel-netty.zip, CAMEL-2625-Netty-Patch.diff
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (CAMEL-2625) Improvements and minor change requests
to camel-netty
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ashwin Karpe updated CAMEL-2625:
--------------------------------
Attachment: CAMEL-2625-Netty.patch
CAMEL-2625-netty.zip
Hi Gareth & Claus,
I have made the changes you suggested and have checked in the code into the Camel trunk. I will change the WIKI documentation shortly.
Patch committed as revision r933241.
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
> Attachments: CAMEL-2625-Netty.patch, CAMEL-2625-netty.zip
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CAMEL-2625) Improvements and minor change
requests to camel-netty
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58713#action_58713 ]
Ashwin Karpe commented on CAMEL-2625:
-------------------------------------
Original Nabble Request --> http://old.nabble.com/Make-TrustManager-Optional-When-Using-SSL-For-Netty-td28186386.html
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (CAMEL-2625) Improvements and minor change requests
to camel-netty
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ashwin Karpe updated CAMEL-2625:
--------------------------------
Attachment: (was: CAMEL-2625-camel-netty.zip)
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
> Attachments: CAMEL-2625-Netty.patch, CAMEL-2625-netty.zip
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Resolved: (CAMEL-2625) Improvements and minor change
requests to camel-netty
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ashwin Karpe resolved CAMEL-2625.
---------------------------------
Resolution: Fixed
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
> Attachments: CAMEL-2625-Netty.patch, CAMEL-2625-netty.zip
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Issue Comment Edited: (CAMEL-2625) Improvements and minor
change requests to camel-netty
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58715#action_58715 ]
Claus Ibsen edited comment on CAMEL-2625 at 4/9/10 4:22 AM:
------------------------------------------------------------
Looks good but this code
{code}
sslHandler = component.resolveAndRemoveReferenceParameter(parameters, "sslHandler", SslHandler.class, null);
passphrase = component.resolveAndRemoveReferenceParameter(parameters, "passphrase", String.class, null);
+ keyStoreFormat = component.resolveAndRemoveReferenceParameter(parameters, "keyStoreFormat", String.class, "JKS");
+ securityProvider = component.resolveAndRemoveReferenceParameter(parameters, "securityProvider", String.class, "SunX509");
keyStoreFile = component.resolveAndRemoveReferenceParameter(parameters, "keyStoreFile", File.class, null);
trustStoreFile = component.resolveAndRemoveReferenceParameter(parameters, "trustStoreFile", File.class, null);
encoder = component.resolveAndRemoveReferenceParameter(parameters, "encoder", ChannelDownstreamHandler.class, new ObjectEncoder());
{code}
The method {{resolveAndRemoveReferenceParameter}} is essentially only needed when you have complex objects (eg SslHandler.class etc.).
When you have simple types such as a String, Number, Boolean etc. then they are not usually referenced/lookup up, and hence you would use
{{getAndRemoveParameter}} method instead (I think that is the name). refereneable
But the {{resolveAndRemoveReferenceParameter}} should fallback to the other method as well, so there is no harm. Just when reading the code you may be surprised the first time.
Also those new options should be added to the wiki page and their default values listed. Eg the SunX509 default may not run on IBM JDKs where you have to provide a provider that is included by IBM.
was (Author: davsclaus):
Looks good but this code
{code}
sslHandler = component.resolveAndRemoveReferenceParameter(parameters, "sslHandler", SslHandler.class, null);
passphrase = component.resolveAndRemoveReferenceParameter(parameters, "passphrase", String.class, null);
+ keyStoreFormat = component.resolveAndRemoveReferenceParameter(parameters, "keyStoreFormat", String.class, "JKS");
+ securityProvider = component.resolveAndRemoveReferenceParameter(parameters, "securityProvider", String.class, "SunX509");
keyStoreFile = component.resolveAndRemoveReferenceParameter(parameters, "keyStoreFile", File.class, null);
trustStoreFile = component.resolveAndRemoveReferenceParameter(parameters, "trustStoreFile", File.class, null);
encoder = component.resolveAndRemoveReferenceParameter(parameters, "encoder", ChannelDownstreamHandler.class, new ObjectEncoder());
{code}
The method {{resolveAndRemoveReferenceParameter}} is essentially only needed when you have complex objects (eg SslHandler.class etc.).
When you have simple types such as a String, Number, Boolean etc. then they are not usually, and hence you would use
{{getAndRemoveParameter}} method instead (I think that is the name). refereneable
But the {{resolveAndRemoveReferenceParameter}} should fallback to the other method as well, so there is no harm. Just when reading the code you may be surprised the first time.
Also those new options should be added to the wiki page and their default values listed. Eg the SunX509 default may not run on IBM JDKs where you have to provide a provider that is included by IBM.
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
> Attachments: CAMEL-2625-camel-netty.zip, CAMEL-2625-Netty-Patch.diff
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (CAMEL-2625) Improvements and minor
change requests to camel-netty
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58754#action_58754 ]
Ashwin Karpe edited comment on CAMEL-2625 at 4/10/10 8:22 AM:
--------------------------------------------------------------
Claus,
BTW, I am modifyting the patch above with your recommendations and will commit the code later today. I will also update the documentation accordingly.
Cheers,
Ashwin...
was (Author: akarpe):
Claus,
BTW, I am modifyting the patch above with your recommendations and will commit the code later today. I will also update the documentation accoringly.
Cheers,
Ashwin...
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
> Attachments: CAMEL-2625-camel-netty.zip, CAMEL-2625-Netty-Patch.diff
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CAMEL-2625) Improvements and minor change
requests to camel-netty
Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58715#action_58715 ]
Claus Ibsen commented on CAMEL-2625:
------------------------------------
Looks good but this code
{code}
sslHandler = component.resolveAndRemoveReferenceParameter(parameters, "sslHandler", SslHandler.class, null);
passphrase = component.resolveAndRemoveReferenceParameter(parameters, "passphrase", String.class, null);
+ keyStoreFormat = component.resolveAndRemoveReferenceParameter(parameters, "keyStoreFormat", String.class, "JKS");
+ securityProvider = component.resolveAndRemoveReferenceParameter(parameters, "securityProvider", String.class, "SunX509");
keyStoreFile = component.resolveAndRemoveReferenceParameter(parameters, "keyStoreFile", File.class, null);
trustStoreFile = component.resolveAndRemoveReferenceParameter(parameters, "trustStoreFile", File.class, null);
encoder = component.resolveAndRemoveReferenceParameter(parameters, "encoder", ChannelDownstreamHandler.class, new ObjectEncoder());
{code}
The method {{resolveAndRemoveReferenceParameter}} is essentially only needed when you have complex objects (eg SslHandler.class etc.).
When you have simple types such as a String, Number, Boolean etc. then they are not usually, and hence you would use
{{getAndRemoveParameter}} method instead (I think that is the name). refereneable
But the {{resolveAndRemoveReferenceParameter}} should fallback to the other method as well, so there is no harm. Just when reading the code you may be surprised the first time.
Also those new options should be added to the wiki page and their default values listed. Eg the SunX509 default may not run on IBM JDKs where you have to provide a provider that is included by IBM.
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
> Attachments: CAMEL-2625-camel-netty.zip, CAMEL-2625-Netty-Patch.diff
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CAMEL-2625) Improvements and minor change
requests to camel-netty
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/CAMEL-2625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58753#action_58753 ]
Ashwin Karpe commented on CAMEL-2625:
-------------------------------------
Hi Claus,
I did notice the nabble issue yesterday but I hesitated to create a Jira issue and start work on it I was waiting for Johan to create the Jira issue. If he does not in a couple of days, I will create it on his behalf, investigate the Mina component and implement similar fundtionality in Netty.
Cheers,
Ashwin...
> Improvements and minor change requests to camel-netty
> -----------------------------------------------------
>
> Key: CAMEL-2625
> URL: https://issues.apache.org/activemq/browse/CAMEL-2625
> Project: Apache Camel
> Issue Type: Improvement
> Reporter: Ashwin Karpe
> Assignee: Ashwin Karpe
> Fix For: 2.3.0
>
> Attachments: CAMEL-2625-camel-netty.zip, CAMEL-2625-Netty-Patch.diff
>
>
> (Request by Gareth Collins via nabble request...)
> Would it be possible to make the TrustManager optional for Netty SSL support? I made a change in my local version of camel-netty and it works for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the original SSLEngineFactory constructor):
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
> super();
>
> KeyStore ks = KeyStore.getInstance("JKS");
>
> ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, passphrase);
>
> sslContext = SSLContext.getInstance(SSL_PROTOCOL);
>
>
> if (trustStoreFile != null)
> {
>
> KeyStore ts = KeyStore.getInstance("JKS");
> ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(ts);
> sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
> }
> else
> {
> sslContext.init(kmf.getKeyManagers(), null, null);
> }
> }
> I ask for this as I have to contact a server where SSL will not work properly if a TrustManager is installed. If this could go in before CAMEL 2.3 it would be much appreciated.
> A couple of questions about the netty implementation:
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the key store format to be configured?
> (2) When I add the TrustManager using netty for the connection where it could not be used, netty throws me no exception, the connection remains open, but the messages I send do not get to the server. If I connect directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am missing here?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira