Hi, On Thu, Oct 27, 2022 at 2:16 PM Mateusz K. <[email protected]> wrote: > > Hello jetty users, im trying to get http2-client and http2-server running in > my test environment. I've set my server to use SSL, just like i did > previously with http3-server: > SslContextFactory.Server sslContextFactory = new SslContextFactory.Server(); > sslContextFactory.setKeyStorePath("/home/test/keystore3.p12"); > sslContextFactory.setKeyStorePassword("passwd"); > sslContextFactory.setCertAlias("jetty"); > > the sslcontextfactory is passed to the connector: > ServerConnector connector = new ServerConnector(server, sslContextFactory, > http2); > > I can see that the server is starting and is using the right certificate. > Now, on the client side i tried to use following: > ClientConnector connector = http2Client.getClientConnector(); > connector.getSslContextFactory().setValidateCerts(false); > connector.getSslContextFactory().setValidatePeerCerts(false); > CompletableFuture<Session> sessionCF = > http2Client.connect(connector.getSslContextFactory(), serverAddress,new > Session.Listener.Adapter()); > > Unfortunately i'm ending up with with an exception: > PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > > My self signed cert comes with self signed CA cert, i tried adding it to > /etc/ssl/certs/java/cacerts, but result is the same. openssl s_client shows > me correct certificate with cert path. > > Is there a way to completely disable certificate verification for testing > purposes? it seems that both settings i tried are being ignored by http2client
Read here: https://www.eclipse.org/jetty/documentation/jetty-11/programming-guide/index.html#pg-client-http-configuration-tls -- Simone Bordet --- Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability, the implementation technique must be flawless. Victoria Livschitz _______________________________________________ jetty-users mailing list [email protected] To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
