Re: [jetty-users] HTTP/2 and self signed certificate

Thanks Simone, I've set sslContextFactory.setTrustAll(true); before the client was started, and now it works.

On Thu, 27 Oct 2022 at 15:09, Simone Bordet <simone.bordet@xxxxxxxxx> wrote:
Hi,

On Thu, Oct 27, 2022 at 2:16 PM Mateusz K. <matkoz1988@xxxxxxxxx> wrote:
>
> Hello Jetty users, I'm trying to get http2-client and http2-server running in my test environment. I've set my server to use SSL, just like I did previously with http3-server:
> SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
> sslContextFactory.setKeyStorePath("/home/test/keystore3.p12");
> sslContextFactory.setKeyStorePassword("passwd");
> sslContextFactory.setCertAlias("jetty");
>
> The SslContextFactory is passed to the connector:
> ServerConnector connector = new ServerConnector(server, sslContextFactory, http2);
>
> I can see that the server is starting and is using the right certificate.
> Now, on the client side I tried to use the following:
> ClientConnector connector = http2Client.getClientConnector();
> connector.getSslContextFactory().setValidateCerts(false);
> connector.getSslContextFactory().setValidatePeerCerts(false);
> CompletableFuture<Session> sessionCF = http2Client.connect(connector.getSslContextFactory(), serverAddress,new Session.Listener.Adapter());
>
> Unfortunately I'm ending up with an exception:
> PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>
> My self-signed cert comes with a self-signed CA cert. I tried adding it to /etc/ssl/certs/java/cacerts, but the result is the same. openssl s_client shows me the correct certificate with cert path.
>
> Is there a way to completely disable certificate verification for testing purposes? It seems that both settings I tried are being ignored by http2client.

Read here:
https://www.eclipse.org/jetty/documentation/jetty-11/programming-guide/index.html#pg-client-http-configuration-tls

--
Simone Bordet
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
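
As an added example (not code from this thread or from the Jetty project): the test-only setTrustAll(true) setting that resolved the PKIX error, next to the alternative of trusting only the self-signed CA through a client trust store. The trust store path, password, host and port are assumed placeholder values, and the trust store is assumed to be a PKCS12 file holding just the test CA certificate.

```java
import java.net.InetSocketAddress;
import java.util.concurrent.TimeUnit;

import org.eclipse.jetty.http2.api.Session;
import org.eclipse.jetty.http2.client.HTTP2Client;
import org.eclipse.jetty.io.ClientConnector;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class Http2TestClient {
    // Builds the client TLS configuration.
    // trustStorePath == null selects the trust-all mode used in the thread
    // (any server certificate is accepted; test environments only).
    static SslContextFactory.Client tls(String trustStorePath, String password) {
        SslContextFactory.Client ssl = new SslContextFactory.Client();
        if (trustStorePath == null) {
            ssl.setTrustAll(true);
        } else {
            // Trust only certificates that chain to the CA in this store.
            ssl.setTrustStorePath(trustStorePath);
            ssl.setTrustStorePassword(password);
            // Hostname check: the server certificate's SAN must match the
            // host name the client connects to.
            ssl.setEndpointIdentificationAlgorithm("HTTPS");
        }
        return ssl;
    }

    public static void main(String[] args) throws Exception {
        // Assumed placeholder values, not taken from the thread.
        SslContextFactory.Client ssl = tls("/path/to/test-ca-truststore.p12", "changeit");

        // Configure TLS before the client is started.
        ClientConnector connector = new ClientConnector();
        connector.setSslContextFactory(ssl);
        HTTP2Client http2Client = new HTTP2Client(connector);
        http2Client.start();
        try {
            Session session = http2Client
                .connect(ssl, new InetSocketAddress("localhost", 8443),
                         new Session.Listener.Adapter())
                .get(5, TimeUnit.SECONDS);
            System.out.println("HTTP/2 session established: " + session);
        } finally {
            http2Client.stop();
        }
    }
}
```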
