On converting from Camel 3.x to 4.x:
1. You should get the canonicalHostName
public static String getHostName() {
try {
return
InetAddress.getLocalHost().getCanonicalHostName();
}
}
2. You should update your keystore to accept the localhost. Change the CN to
*.<name>.com. Change the SAN to www.<name>.com. If you have multiple <name>
then you will make multiple entries in the keystore.
--
Alex
-----Original Message-----
From: Fyodor Kravchenko <[email protected]>
Sent: Thursday, September 21, 2023 9:35 AM
To: [email protected]
Subject: [EXTERNAL SENDER:] Re: Jetty and the Invalid SNI
Hello,
I don't really want to use Jetty, but I'm currently migrating my project that
uses Jetty from Camel 2 via 3 to 4. I'll be able to use something different
when it starts working with Jetty so I'm able to fix every other functionality
before switching to a different web server.
Unfortunately I don't use Spring or Quarkus, but it has to be able to run
standalone for the time being. I'm looking into Undertow because it offers the
websockets like Jetty seemed to offer previously, but first I have to make
Jetty work.
On 21.09.2023 11:32, Claus Ibsen wrote:
> Hi
>
> Do you really need to use Jetty? If you use Spring Boot or Quarkus
> they come with HTTP server which you can configure for TLS/SSL more
> easier than Jetty.
>
> On Mon, Sep 18, 2023 at 12:30 PM Fyodor Kravchenko <[email protected]> wrote:
>
>> Hello,
>>
>> I'm missing how do I set up the new Jetty in Camel 4 to let me access
>> the localhost via SSL while developing or when needed for other
>> purposes. I'm getting the "org.eclipse.jetty.http.BadMessageException:
>> 400: Invalid SNI" error.
>>
>> I'm configuring the SSL as the following:
>>
>> JettyHttpComponent jetty = _camel.getComponent(JETTY,
>> JettyHttpComponent.class);
>>
>> // ssl
>> File keyStoreFile = new
>> File(_properties.getProperty("keystoreFile", "sborex.jks"));
>> if (keyStoreFile.exists()) {
>> String keystorePassword =
>> _properties.getProperty("keystorePassword", "defaultPassword");
>> SSLContextParameters scp = new SSLContextParameters();
>> KeyStoreParameters ksp = new KeyStoreParameters();
>> try (var stream =
>> Files.newInputStream(Path.of(keyStoreFile.getPath()))) {
>> KeyStore ks =
>> KeyStore.getInstance(_properties.getProperty("keystoreType", "jks"));
>> ks.load(stream, keystorePassword.toCharArray());
>> ksp.setKeyStore(ks);
>> }catch(Exception e){
>> throw new RuntimeException(e);
>> }
>>
>> KeyManagersParameters kmp = new KeyManagersParameters();
>> kmp.setKeyStore(ksp);
>> kmp.setKeyPassword(_properties.getProperty("keyPassword"));
>> scp.setKeyManagers(kmp);
>> SecureRequestCustomizer src = new
>> SecureRequestCustomizer(false);
>> src.setSniRequired(false); // found this in StackOverflow.
>> Now what?
>> jetty.setSslContextParameters(scp);
>> }
>>
>> I've read somewhere that we have to switch off the SNI check for
>> Jetty through some Secure Request Customizer, but I fail to
>> understand how do I pass it to the Jetty server; or maybe there is a
>> more generic API for doing that through the JSSE?
>> https://urldefense.com/v3/__https://camel.apache.org/manual/camel-con
>> figuration-utilities.html__;!!KV6Wb-o!8aLqf3hE4j6xQVtSFey5YFtItZV8pSs
>> 8fAZDFZjgMR_60aD7A2h9ftXT4jWpd9OLqb3ksg-nAbTL$
>>
>>
>> Thanks!
>>
>>
*************************** IMPORTANT NOTE*****************************
The opinions expressed in this message and/or any attachments are those of the
author and not necessarily those of Brown Brothers Harriman & Co., its
subsidiaries and affiliates ("BBH"). There is no guarantee that this message is
either private or confidential, and it may have been altered by unauthorized
sources without your or our knowledge. Nothing in the message is capable or
intended to create any legally binding obligations on either party and it is
not intended to provide legal advice. BBH accepts no responsibility for loss or
damage from its use, including damage from virus.
******************************************************************************
