Actually, I need to be more specific with the problem:

1. The application is running an embedded Jetty server.

2. Jetty is set up as specified, following the LikeJettyXML.

3. Some clients within the application may communicate to 3rd party hosts
over SSL. This should not be related to any of the SSL settings for Jetty.

4. Before communicating to the 3rd party, the user may want to trust all
certificates. In which case the all-trusting manager is set up (as per
previous email).

5. This all worked fine before the upgrade to Jetty (9.2.13.v20150730). But
I cannot understand why the upgrade would affect this since this is not
making requests to the server but out to another server.

Any help would be appreciated. It seems to me this is not a Jetty problem,
but I thought I would put it by the group to make sure.

Melissa

On Thu, Sep 17, 2015 at 1:37 PM, Melissa Mifsud <
[email protected]> wrote:

> In a recent upgrade from Jetty 8 (8.1.8.v20121106) to Jetty 9 
> (9.2.13.v20150730),
> it seems that code for trusting all SSL certificates is no longer working.
>
> We do not always want to trust all certificates and so cannot use the
> SSLContextFactory(trustAll) constructor.
>
> The SSL ServerConnector is set up as demonstrated in this example:
> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java
> .
>
> After the application is up and running, there may be a specific use case
> in which the user will need to start trusting all certificates, in which
> case an all-trusting TrustManager is set up:
>
> // Create a trust manager that does not validate certificate chains
> TrustManager[] trustAllCerts = new TrustManager[] {
>     new X509TrustManager() {
>         public X509Certificate[] getAcceptedIssuers() {
>             return new X509Certificate[0];
>         }
>
>         public void checkServerTrusted(X509Certificate[] arg0, String arg1)
>                 throws CertificateException {
>         }
>
>         public void checkClientTrusted(X509Certificate[] arg0, String arg1)
>                 throws CertificateException {
>         }
>     }
> };
>
> // Install the all-trusting trust manager
> SSLContext sc = SSLContext.getInstance("SSL");
> sc.init(null, trustAllCerts, null);
> HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
>
> // Create all-trusting host name verifier
> HostnameVerifier allHostsValid = new HostnameVerifier() {
>     public boolean verify(String hostname, SSLSession session) {
>         return true;
>     }
> };
>
> // Install the all-trusting host verifier
> HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
>
> // set flag to true so that the process is not repeated
> sslDisabled = true;
>
>
> Is there something specific with this version that will cause this not to
> work anymore?
>
> Thanks,
>
> Melissa
>
>


-- 

------------------------------
*Melissa Anne Mifsud*