You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by co...@apache.org on 2020/03/17 08:02:16 UTC
[camel] branch camel-3.1.x updated: CAMEL-14711 - Disable RabbitMQ
Java serialization by default (#3633)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch camel-3.1.x
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/camel-3.1.x by this push:
new c7d6a6b CAMEL-14711 - Disable RabbitMQ Java serialization by default (#3633)
c7d6a6b is described below
commit c7d6a6bfd8d9bf2ee17a7d40897b1ce4574f4103
Author: Colm O hEigeartaigh <co...@users.noreply.github.com>
AuthorDate: Mon Mar 16 18:50:52 2020 +0000
CAMEL-14711 - Disable RabbitMQ Java serialization by default (#3633)
---
.../rabbitmq/RabbitMQEndpointConfigurer.java | 2 +
.../apache/camel/component/rabbitmq/rabbitmq.json | 1 +
.../src/main/docs/rabbitmq-component.adoc | 3 +-
.../camel/component/rabbitmq/RabbitMQEndpoint.java | 22 +++-
.../rabbitmq/RabbitMQMessageConverter.java | 10 +-
.../rabbitmq/RabbitMQMessagePublisher.java | 5 +-
.../rabbitmq/reply/ReplyManagerSupport.java | 4 +-
.../rabbitmq/integration/RabbitMQInOutIntTest.java | 10 +-
.../dsl/RabbitMQEndpointBuilderFactory.java | 126 +++++++++++++++++++++
.../modules/ROOT/pages/rabbitmq-component.adoc | 3 +-
10 files changed, 168 insertions(+), 18 deletions(-)
diff --git a/components/camel-rabbitmq/src/generated/java/org/apache/camel/component/rabbitmq/RabbitMQEndpointConfigurer.java b/components/camel-rabbitmq/src/generated/java/org/apache/camel/component/rabbitmq/RabbitMQEndpointConfigurer.java
index d4756db..9d1c18b 100644
--- a/components/camel-rabbitmq/src/generated/java/org/apache/camel/component/rabbitmq/RabbitMQEndpointConfigurer.java
+++ b/components/camel-rabbitmq/src/generated/java/org/apache/camel/component/rabbitmq/RabbitMQEndpointConfigurer.java
@@ -113,6 +113,8 @@ public class RabbitMQEndpointConfigurer extends PropertyConfigurerSupport implem
case "topologyRecoveryEnabled": target.setTopologyRecoveryEnabled(property(camelContext, java.lang.Boolean.class, value)); return true;
case "transferexception":
case "transferException": target.setTransferException(property(camelContext, boolean.class, value)); return true;
+ case "allowmessagebodyserialization":
+ case "allowMessageBodySerialization": target.setAllowMessageBodySerialization(property(camelContext, boolean.class, value)); return true;
case "password": target.setPassword(property(camelContext, java.lang.String.class, value)); return true;
case "sslprotocol":
case "sslProtocol": target.setSslProtocol(property(camelContext, java.lang.String.class, value)); return true;
diff --git a/components/camel-rabbitmq/src/generated/resources/org/apache/camel/component/rabbitmq/rabbitmq.json b/components/camel-rabbitmq/src/generated/resources/org/apache/camel/component/rabbitmq/rabbitmq.json
index 8d16751..ad41dcf 100644
--- a/components/camel-rabbitmq/src/generated/resources/org/apache/camel/component/rabbitmq/rabbitmq.json
+++ b/components/camel-rabbitmq/src/generated/resources/org/apache/camel/component/rabbitmq/rabbitmq.json
@@ -129,6 +129,7 @@
"synchronous": { "kind": "parameter", "displayName": "Synchronous", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported)." },
"topologyRecoveryEnabled": { "kind": "parameter", "displayName": "Topology Recovery Enabled", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "description": "Enables connection topology recovery (should topology recovery be performed)" },
"transferException": { "kind": "parameter", "displayName": "Transfer Exception", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "When true and an inOut Exchange failed on the consumer side send the caused Exception back in the response" },
+ "allowMessageBodySerialization": { "kind": "parameter", "displayName": "Allow Message Body Serialization", "group": "allowMessageBodySerialization", "label": "allowMessageBodySerialization", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Whether to allow Java serialization of the message body or not. If this value is true, the message body will be serialized on the producer side using Java se [...]
"password": { "kind": "parameter", "displayName": "Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": true, "defaultValue": "guest", "description": "Password for authenticated access" },
"sslProtocol": { "kind": "parameter", "displayName": "Ssl Protocol", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "Enables SSL on connection, accepted value are true, TLS and 'SSLv3" },
"trustManager": { "kind": "parameter", "displayName": "Trust Manager", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "javax.net.ssl.TrustManager", "deprecated": false, "secret": false, "description": "Configure SSL trust manager, SSL should be enabled for this option to be effective" },
diff --git a/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc b/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc
index 9778ac4..3b5d54a 100644
--- a/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc
+++ b/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc
@@ -133,7 +133,7 @@ with the following path and query parameters:
|===
-=== Query Parameters (59 parameters):
+=== Query Parameters (60 parameters):
[width="100%",cols="2,5,^1,2",options="header"]
@@ -194,6 +194,7 @@ with the following path and query parameters:
| *synchronous* (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean
| *topologyRecoveryEnabled* (advanced) | Enables connection topology recovery (should topology recovery be performed) | | Boolean
| *transferException* (advanced) | When true and an inOut Exchange failed on the consumer side send the caused Exception back in the response | false | boolean
+| *allowMessageBodySerialization* (allowMessageBodySerialization) | Whether to allow Java serialization of the message body or not. If this value is true, the message body will be serialized on the producer side using Java serialization, if no type converter can handle the message body. On the consumer side, it will deserialize the message body if this value is true and the message contains a CamelSerialize header. Setting this value to true may introduce a security vulnerability as it a [...]
| *password* (security) | Password for authenticated access | guest | String
| *sslProtocol* (security) | Enables SSL on connection, accepted value are true, TLS and 'SSLv3 | | String
| *trustManager* (security) | Configure SSL trust manager, SSL should be enabled for this option to be effective | | TrustManager
diff --git a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
index 3f46fe2..396b496 100644
--- a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
+++ b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
@@ -166,7 +166,8 @@ public class RabbitMQEndpoint extends DefaultEndpoint implements AsyncEndpoint {
private boolean guaranteedDeliveries;
@UriParam(label = "producer")
private boolean allowNullHeaders;
- // camel-jms supports this setting but it is not currently configurable in camel-rabbitmq
+ @UriParam(label = "allowMessageBodySerialization", defaultValue = "false")
+ private boolean allowMessageBodySerialization;
private boolean useMessageIDAsCorrelationID = true;
// camel-jms supports this setting but it is not currently configurable in camel-rabbitmq
private String replyToType = ReplyToType.Temporary.name();
@@ -191,7 +192,7 @@ public class RabbitMQEndpoint extends DefaultEndpoint implements AsyncEndpoint {
public Exchange createRabbitExchange(Envelope envelope, AMQP.BasicProperties properties, byte[] body) {
Exchange exchange = super.createExchange();
- messageConverter.populateRabbitExchange(exchange, envelope, properties, body, false);
+ messageConverter.populateRabbitExchange(exchange, envelope, properties, body, false, allowMessageBodySerialization);
return exchange;
}
@@ -569,6 +570,23 @@ public class RabbitMQEndpoint extends DefaultEndpoint implements AsyncEndpoint {
this.automaticRecoveryEnabled = automaticRecoveryEnabled;
}
+ public boolean isAllowMessageBodySerialization() {
+ return allowMessageBodySerialization;
+ }
+
+ /**
+ * Whether to allow Java serialization of the message body or not. If this value is true, the message body
+ * will be serialized on the producer side using Java serialization, if no type converter can handle the
+ * message body. On the consumer side, it will deserialize the message body if this value is true and the
+ * message contains a CamelSerialize header.
+ *
+ * Setting this value to true may introduce a security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other security vulnerability.
+ */
+ public void setAllowMessageBodySerialization(boolean allowMessageBodySerialization) {
+ this.allowMessageBodySerialization = allowMessageBodySerialization;
+ }
+
public Integer getNetworkRecoveryInterval() {
return networkRecoveryInterval;
}
diff --git a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
index a5ceb41..0aba71d 100644
--- a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
+++ b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
@@ -233,10 +233,11 @@ public class RabbitMQMessageConverter {
return null;
}
- public void populateRabbitExchange(Exchange camelExchange, Envelope envelope, AMQP.BasicProperties properties, byte[] body, final boolean out) {
+ public void populateRabbitExchange(Exchange camelExchange, Envelope envelope, AMQP.BasicProperties properties, byte[] body, final boolean out,
+ final boolean allowMessageBodySerialization) {
Message message = resolveMessageFrom(camelExchange, out);
populateMessageHeaders(message, envelope, properties);
- populateMessageBody(message, camelExchange, properties, body);
+ populateMessageBody(message, camelExchange, properties, body, allowMessageBodySerialization);
}
private Message resolveMessageFrom(final Exchange camelExchange, final boolean out) {
@@ -284,8 +285,9 @@ public class RabbitMQMessageConverter {
}
}
- private void populateMessageBody(final Message message, final Exchange camelExchange, final AMQP.BasicProperties properties, final byte[] body) {
- if (hasSerializeHeader(properties)) {
+ private void populateMessageBody(final Message message, final Exchange camelExchange, final AMQP.BasicProperties properties, final byte[] body,
+ final boolean allowMessageBodySerialization) {
+ if (allowMessageBodySerialization && hasSerializeHeader(properties)) {
deserializeBody(camelExchange, message, body);
} else {
// Set the body as a byte[] and let the type converter deal with it
diff --git a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
index 02d08b1..c4cc99e 100644
--- a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
+++ b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
@@ -86,8 +86,9 @@ public class RabbitMQMessagePublisher {
properties = endpoint.getMessageConverter().buildProperties(camelExchange).build();
} catch (NoTypeConversionAvailableException | TypeConversionException e) {
- if (message.getBody() instanceof Serializable) {
- // Add the header so the reply processor knows to de-serialize it
+ if (message.getBody() instanceof Serializable && endpoint.isAllowMessageBodySerialization()) {
+ // Add the header so the reply processor knows to de-serialize
+ // it
message.getHeaders().put(RabbitMQEndpoint.SERIALIZE_HEADER, true);
properties = endpoint.getMessageConverter().buildProperties(camelExchange).build();
body = serializeBodyFrom(message);
diff --git a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
index 02320ac..ca23910 100644
--- a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
+++ b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
@@ -160,8 +160,8 @@ public abstract class ReplyManagerSupport extends ServiceSupport implements Repl
String msg = "reply message with correlationID: " + holder.getCorrelationId() + " not received on destination: " + replyTo;
exchange.setException(new ExchangeTimedOutException(exchange, holder.getRequestTimeout(), msg));
} else {
-
- messageConverter.populateRabbitExchange(exchange, null, holder.getProperties(), holder.getMessage(), true);
+ messageConverter.populateRabbitExchange(exchange, null, holder.getProperties(), holder.getMessage(), true,
+ endpoint.isAllowMessageBodySerialization());
// restore correlation id in case the remote server messed with it
if (holder.getOriginalCorrelationId() != null) {
diff --git a/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/integration/RabbitMQInOutIntTest.java b/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/integration/RabbitMQInOutIntTest.java
index 41db517..7d869d5 100644
--- a/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/integration/RabbitMQInOutIntTest.java
+++ b/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/integration/RabbitMQInOutIntTest.java
@@ -60,15 +60,13 @@ public class RabbitMQInOutIntTest extends AbstractRabbitMQIntTest {
@Produce("direct:rabbitMQ")
protected ProducerTemplate directProducer;
- @EndpointInject("rabbitmq:localhost:5672/" + EXCHANGE + "?threadPoolSize=1&exchangeType=direct&username=cameltest&password=cameltest"
- + "&autoAck=true&queue=q4&routingKey=" + ROUTING_KEY
- + "&transferException=true&requestTimeout=" + TIMEOUT_MS)
+ @EndpointInject("rabbitmq:localhost:5672/" + EXCHANGE + "?threadPoolSize=1&exchangeType=direct&username=cameltest&password=cameltest" + "&autoAck=true&queue=q4&routingKey="
+ + ROUTING_KEY + "&transferException=true&requestTimeout=" + TIMEOUT_MS + "&allowMessageBodySerialization=true")
private Endpoint rabbitMQEndpoint;
@EndpointInject("rabbitmq:localhost:5672/" + EXCHANGE_NO_ACK + "?threadPoolSize=1&exchangeType=direct&username=cameltest&password=cameltest"
- + "&autoAck=false&autoDelete=false&durable=false&queue=q5&routingKey=" + ROUTING_KEY
- + "&transferException=true&requestTimeout=" + TIMEOUT_MS
- + "&args=#args")
+ + "&autoAck=false&autoDelete=false&durable=false&queue=q5&routingKey=" + ROUTING_KEY + "&transferException=true&requestTimeout="
+ + TIMEOUT_MS + "&args=#args" + "&allowMessageBodySerialization=true")
private Endpoint noAutoAckEndpoint;
@EndpointInject("mock:result")
diff --git a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/RabbitMQEndpointBuilderFactory.java b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/RabbitMQEndpointBuilderFactory.java
index 8083182..eba8570 100644
--- a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/RabbitMQEndpointBuilderFactory.java
+++ b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/RabbitMQEndpointBuilderFactory.java
@@ -698,6 +698,48 @@ public interface RabbitMQEndpointBuilderFactory {
return this;
}
/**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointConsumerBuilder allowMessageBodySerialization(
+ boolean allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointConsumerBuilder allowMessageBodySerialization(
+ String allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
* Password for authenticated access.
*
* The option is a: <code>java.lang.String</code> type.
@@ -1949,6 +1991,48 @@ public interface RabbitMQEndpointBuilderFactory {
return this;
}
/**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointProducerBuilder allowMessageBodySerialization(
+ boolean allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointProducerBuilder allowMessageBodySerialization(
+ String allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
* Password for authenticated access.
*
* The option is a: <code>java.lang.String</code> type.
@@ -2810,6 +2894,48 @@ public interface RabbitMQEndpointBuilderFactory {
return this;
}
/**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointBuilder allowMessageBodySerialization(
+ boolean allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointBuilder allowMessageBodySerialization(
+ String allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
* Password for authenticated access.
*
* The option is a: <code>java.lang.String</code> type.
diff --git a/docs/components/modules/ROOT/pages/rabbitmq-component.adoc b/docs/components/modules/ROOT/pages/rabbitmq-component.adoc
index fba9e1a..087e2c4 100644
--- a/docs/components/modules/ROOT/pages/rabbitmq-component.adoc
+++ b/docs/components/modules/ROOT/pages/rabbitmq-component.adoc
@@ -134,7 +134,7 @@ with the following path and query parameters:
|===
-=== Query Parameters (59 parameters):
+=== Query Parameters (60 parameters):
[width="100%",cols="2,5,^1,2",options="header"]
@@ -195,6 +195,7 @@ with the following path and query parameters:
| *synchronous* (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean
| *topologyRecoveryEnabled* (advanced) | Enables connection topology recovery (should topology recovery be performed) | | Boolean
| *transferException* (advanced) | When true and an inOut Exchange failed on the consumer side send the caused Exception back in the response | false | boolean
+| *allowMessageBodySerialization* (allowMessageBodySerialization) | Whether to allow Java serialization of the message body or not. If this value is true, the message body will be serialized on the producer side using Java serialization, if no type converter can handle the message body. On the consumer side, it will deserialize the message body if this value is true and the message contains a CamelSerialize header. Setting this value to true may introduce a security vulnerability as it a [...]
| *password* (security) | Password for authenticated access | guest | String
| *sslProtocol* (security) | Enables SSL on connection, accepted value are true, TLS and 'SSLv3 | | String
| *trustManager* (security) | Configure SSL trust manager, SSL should be enabled for this option to be effective | | TrustManager