davsclaus commented on code in PR #23967:
URL: https://github.com/apache/camel/pull/23967#discussion_r3397586850
##########
components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientProducer.java:
##########
@@ -380,18 +380,27 @@ private RestClient createClient() throws Exception {
builder.setRequestConfigCallback(requestConfigBuilder ->
requestConfigBuilder
.setConnectTimeout(this.endpoint.getConnectionTimeout()).setSocketTimeout(this.endpoint.getSocketTimeout()));
- if (this.endpoint.getUser() != null && this.endpoint.getPassword() !=
null) {
- final CredentialsProvider credentialsProvider = new
BasicCredentialsProvider();
- credentialsProvider.setCredentials(AuthScope.ANY,
- new UsernamePasswordCredentials(this.endpoint.getUser(),
this.endpoint.getPassword()));
- builder.setHttpClientConfigCallback(httpClientBuilder -> {
+ builder.setHttpClientConfigCallback(httpClientBuilder -> {
+ if (this.endpoint.getUser() != null && this.endpoint.getPassword()
!= null) {
+ final CredentialsProvider credentialsProvider = new
BasicCredentialsProvider();
+ credentialsProvider.setCredentials(AuthScope.ANY,
+ new
UsernamePasswordCredentials(this.endpoint.getUser(),
this.endpoint.getPassword()));
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
- if (this.endpoint.getCertificatePath() != null) {
- httpClientBuilder.setSSLContext(createSslContextFromCa());
+ }
+ if (this.endpoint.getSslContextParameters() != null) {
+ // Use SSLContextParameters (allows configuring named groups,
signature schemes, cipher suites and
+ // protocols), e.g. for post-quantum readiness on JDK 25+
+ try {
+ httpClientBuilder.setSSLContext(
+
this.endpoint.getSslContextParameters().createSSLContext(getEndpoint().getCamelContext()));
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to create SSLContext
from SSLContextParameters", e);
}
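Review bot: In the new `getSslContextParameters() != null` branch, the `try`/`catch` wraps every failure from `createSSLContext(...)` in a bare `RuntimeException` thrown from inside the lambda. Since `createClient()` is already declared `throws Exception`, the `SSLContext` could be created before `builder.setHttpClientConfigCallback(...)` and captured by the lambda, so a TLS misconfiguration surfaces with its original exception type and the callback only has to call `httpClientBuilder.setSSLContext(...)`. The visible lines also stop before any `certificatePath` handling, so the option documentation should state which of `sslContextParameters` and `certificatePath` takes effect when both are set.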
Review Comment:
Good refactoring — moving `setHttpClientConfigCallback` outside the `user !=
null && password != null` guard fixes a pre-existing bug where
`certificatePath` was silently ignored when no credentials were configured.
This behavioral change should be noted in the upgrade guide
(`camel-4x-upgrade-guide-4_21.adoc`) since users who previously had
`certificatePath` set without credentials will now get TLS enabled where it was
previously a no-op.