Hello jetty users, im trying to get http2-client and http2-server running in my test environment. I've set my server to use SSL, just like i did previously with http3-server:
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath("/home/test/keystore3.p12");
sslContextFactory.setKeyStorePassword("passwd");
sslContextFactory.setCertAlias("jetty");
the sslcontextfactory is passed to the connector:
ServerConnector connector = new ServerConnector(server, sslContextFactory, http2);
I can see that the server is starting and is using the right certificate.
Now, on the client side i tried to use following:
ClientConnector connector = http2Client.getClientConnector();
connector.getSslContextFactory().setValidateCerts(false);
connector.getSslContextFactory().setValidatePeerCerts(false);
CompletableFuture<Session> sessionCF = http2Client.connect(connector.getSslContextFactory(), serverAddress,new Session.Listener.Adapter());
Unfortunately i'm ending up with with an exception:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
My self signed cert comes with self signed CA cert, i tried adding it to /etc/ssl/certs/java/cacerts, but result is the same. openssl s_client shows me correct certificate with cert path.
Is there a way to completely disable certificate verification for testing purposes? it seems that both settings i tried are being ignored by http2client
thanks in advance