Improvements and minor change requests to camel-netty
-----------------------------------------------------
Key: CAMEL-2625
URL: https://issues.apache.org/activemq/browse/CAMEL-2625
Project: Apache Camel
Issue Type: Improvement
Reporter: Ashwin Karpe
Fix For: 2.3.0
(Request by Gareth Collins via nabble request...)
Would it be possible to make the TrustManager optional for Netty SSL support? I
made a change in my local version of camel-netty and it works for me (file
org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement for the
original SSLEngineFactory constructor):
    public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
        super();

        // Key material presented by this endpoint
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, passphrase);

        sslContext = SSLContext.getInstance(SSL_PROTOCOL);
        if (trustStoreFile != null) {
            // Trust anchors loaded from the supplied trust store
            KeyStore ts = KeyStore.getInstance("JKS");
            ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            tmf.init(ts);
            sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        } else {
            // No trust store given: null tells JSSE to use its default TrustManager
            sslContext.init(kmf.getKeyManagers(), null, null);
        }
    }
I ask for this as I have to contact a server where SSL will not work properly
if a TrustManager is installed. If this could go in before CAMEL 2.3 it would
be much appreciated.
A couple of questions about the netty implementation:
(1) Is there a reason why JKS was hardcoded here, rather than allowing the key
store format to be configured?
(2) When I add the TrustManager using netty for the connection where it could
not be used, netty throws me no exception, the connection remains open, but the
messages I send do not get to the server. If I connect directly using an
SSLSocket I see a javax.net.ssl.SSLHandshakeException. Is there something I am
missing here?
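An added example, not part of the original request and not camel-netty code: a standalone JSSE sketch of the two points raised above, a configurable key store type and an optional trust store. The class and method names (OptionalTrustStoreDemo, load, trustManagers, build) and the sample password are hypothetical. It also shows that omitting the trust store does not switch certificate validation off, because JSSE then uses the JVM's default CA certificates.

```java
import java.io.*;
import java.security.KeyStore;
import javax.net.ssl.*;

public final class OptionalTrustStoreDemo {

    // Load a key store of a caller-chosen type ("JKS", "PKCS12", ...) and close the stream.
    static KeyStore load(File file, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    // trustStoreFile may be null: peers are then validated against the JVM default trust store.
    static TrustManager[] trustManagers(File trustStoreFile, String type, char[] password) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore ts = (trustStoreFile == null) ? null : load(trustStoreFile, type, password);
        tmf.init(ts); // a null KeyStore selects the default CA certificates
        return tmf.getTrustManagers();
    }

    static SSLContext build(File keyStoreFile, File trustStoreFile, String type, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStoreFile, type, password), password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), trustManagers(trustStoreFile, type, password), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();              // constructed sample password
        File ksFile = File.createTempFile("demo", ".p12"); // constructed, empty key store
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, pw);
        try (OutputStream out = new FileOutputStream(ksFile)) { empty.store(out, pw); }

        SSLContext ctx = build(ksFile, null, "PKCS12", pw); // no trust store supplied
        X509TrustManager tm = (X509TrustManager) trustManagers(null, "PKCS12", pw)[0];
        System.out.println(ctx.getProtocol() + " context, default trust anchors: " + tm.getAcceptedIssuers().length);
        ksFile.delete();
    }
}
```

A non-zero anchor count in the output confirms that the peer certificate is still checked when no trust store file is configured.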