Hi Gareth,

Thanks for the feedback... I developed and checked in this component a few
weeks ago.

I have created a new Jira issue to record this request and will fix these in
the coming days. Please find the link below:

https://issues.apache.org/activemq/browse/CAMEL-2625

Issue 2 is a little unclear to me... Could you please let me know how to
reproduce this issue or send me a test case...

Cheers,

Ashwin...


Gareth Collins wrote:
> 
> Hello,
> 
> Would it be possible to make the TrustManager optional for Netty SSL
> support? I made a change in my local version of camel-netty and it works
> for me (file org.apache.camel.component.netty.ssl.SSLEngineFactory -
> replacement for the original SSLEngineFactory constructor):
> 
> public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
>         super();
> 
>         // Key store holding this endpoint's own key and certificate
>         KeyStore ks = KeyStore.getInstance("JKS");
>         ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
> 
>         KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
>         kmf.init(ks, passphrase);
> 
>         sslContext = SSLContext.getInstance(SSL_PROTOCOL);
> 
>         if (trustStoreFile != null)
>         {
>               // Trust store supplied: build the trust managers from it
>               KeyStore ts = KeyStore.getInstance("JKS");
>               ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
> 
>               TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
>               tmf.init(ts);
>               sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
>         }
>         else
>         {
>               // No trust store: null lets JSSE select its default trust managers
>               sslContext.init(kmf.getKeyManagers(), null, null);
>         }
> }
> 
> I ask for this as I have to contact a server where SSL will not work
> properly if a TrustManager is installed. If this could go in before CAMEL
> 2.3 it would be much appreciated.
> 
> A couple of questions about the netty implementation:
> 
> (1) Is there a reason why JKS was hardcoded here, rather than allowing the
> key store format to be configured?
> 
> (2) When I add the TrustManager using netty for the connection where it
> could not be used, netty throws me no exception, the connection remains
> open, but the messages I send do not get to the server. If I connect
> directly using an SSLSocket I see a javax.net.ssl.SSLHandshakeException.
> Is there something I am missing here?
> 
> thanks in advance,
> Gareth Collins
> 


-----
--- 
Ashwin Karpe, Principal Consultant, PS - Opensource Center of Competence 
Progress Software Corporation
14 Oak Park Drive
Bedford, MA 01730
--- 
+1-972-304-9084 (Office) 
+1-972-971-1700 (Mobile) 
---- 
Blog: http://opensourceknowledge.blogspot.com/


-- 
View this message in context: 
http://old.nabble.com/Make-TrustManager-Optional-When-Using-SSL-For-Netty-tp28186386p28186822.html
Sent from the Camel - Users mailing list archive at Nabble.com.
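
The following is an added example, not part of the original thread and not camel-netty code. It shows the two points raised above in plain JSSE: the store type passed in as a parameter instead of hardcoded, and the fact that a null TrustManager array in SSLContext.init() selects the JVM's default trust managers rather than switching certificate checks off. The class and method names, the "TLS" protocol string, the PKCS12 type and the passphrase are assumptions made for the demo.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class OptionalTrustStoreDemo {

    // Loads a store of the given type; a null file yields an empty store (demo only).
    static KeyStore load(String type, File file, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = (file == null) ? null : new FileInputStream(file)) {
            ks.load(in, pass);
        }
        return ks;
    }

    // Hypothetical helper: store type is configurable, trust store is optional.
    static SSLContext build(String type, File keyStore, File trustStore, char[] pass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(type, keyStore, pass), pass);

        TrustManager[] tms = null; // null: JSSE falls back to the default trust managers
        if (trustStore != null) {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(load(type, trustStore, pass));
            tms = tmf.getTrustManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS"); // assumed protocol string
        ctx.init(kmf.getKeyManagers(), tms, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray(); // constructed sample passphrase
        SSLContext ctx = build("PKCS12", null, null, pass);
        // What the null branch resolves to: trust managers backed by the JVM default trust store.
        TrustManagerFactory def = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null);
        X509TrustManager x509 = (X509TrustManager) def.getTrustManagers()[0];
        System.out.println("protocol=" + ctx.getProtocol()
                + ", default trusted issuers=" + x509.getAcceptedIssuers().length);
    }
}
```

With no trust store configured, a peer certificate is still validated, against the issuers counted in the output.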
