Thanks Simone, i've set sslContextFactory.setTrustAll(true); before the client was started, and now it works
czw., 27 paź 2022 o 15:09 Simone Bordet <[email protected]> napisał(a): > Hi, > > On Thu, Oct 27, 2022 at 2:16 PM Mateusz K. <[email protected]> wrote: > > > > Hello jetty users, im trying to get http2-client and http2-server > running in my test environment. I've set my server to use SSL, just like i > did previously with http3-server: > > SslContextFactory.Server sslContextFactory = new > SslContextFactory.Server(); > > sslContextFactory.setKeyStorePath("/home/test/keystore3.p12"); > > sslContextFactory.setKeyStorePassword("passwd"); > > sslContextFactory.setCertAlias("jetty"); > > > > the sslcontextfactory is passed to the connector: > > ServerConnector connector = new ServerConnector(server, > sslContextFactory, http2); > > > > I can see that the server is starting and is using the right certificate. > > Now, on the client side i tried to use following: > > ClientConnector connector = http2Client.getClientConnector(); > > connector.getSslContextFactory().setValidateCerts(false); > > connector.getSslContextFactory().setValidatePeerCerts(false); > > CompletableFuture<Session> sessionCF = > http2Client.connect(connector.getSslContextFactory(), serverAddress,new > Session.Listener.Adapter()); > > > > Unfortunately i'm ending up with with an exception: > > PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > > > > My self signed cert comes with self signed CA cert, i tried adding it to > /etc/ssl/certs/java/cacerts, but result is the same. openssl s_client shows > me correct certificate with cert path. > > > > Is there a way to completely disable certificate verification for > testing purposes? it seems that both settings i tried are being ignored by > http2client > > Read here: > > https://www.eclipse.org/jetty/documentation/jetty-11/programming-guide/index.html#pg-client-http-configuration-tls > > -- > Simone Bordet > --- > Finally, no matter how good the architecture and design are, > to deliver bug-free software with optimal performance and reliability, > the implementation technique must be flawless. Victoria Livschitz > _______________________________________________ > jetty-users mailing list > [email protected] > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
