[jboss-remoting-issues] [JBoss JIRA] (JBREM-1306) Remoting tries to create SSLSocketFactory even when not desired
Ron Sigal (JIRA)
jira-events at lists.jboss.org
Mon Jul 16 22:50:06 EDT 2012
[ https://issues.jboss.org/browse/JBREM-1306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12706264#comment-12706264 ]
Ron Sigal commented on JBREM-1306:
----------------------------------
There is a new configuration parameter: org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker.USE_DEFAULT_SSL_SOCKET_FACTORY (actual value "useDefaultSslSocketFactory"). If it is set to true, then HTTPSClientInvoker.createSocketFactory() will call HttpsURLConnection.getDefaultSSLSocketFactory() instead of trying to build a SocketFactory.
Unit test: org.jboss.test.remoting.transport.http.ssl.socketfactory.DefaultSocketFactoryTestCase. Waiting for results in jenkins.
> Remoting tries to create SSLSocketFactory even when not desired
> ---------------------------------------------------------------
>
> Key: JBREM-1306
> URL: https://issues.jboss.org/browse/JBREM-1306
> Project: JBoss Remoting
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: 2.2.4, 2.5.4.SP3
> Reporter: Kyle Lape
> Assignee: Ron Sigal
> Priority: Minor
> Fix For: 2.2.4.SP1, 2.5.4.SP4
>
>
> Running the following code is an alternative way to set the keystore/truststore in a remoting client:
> {noformat}
> KeyStore ksTrust = KeyStore.getInstance("JKS");
> ksTrust.load(new FileInputStream("testTrust"), passphrase);
> TrustManagerFactory tmf =
> TrustManagerFactory.getInstance("SunX509");
> tmf.init(ksTrust);
> SSLContext sslContext = SSLContext.getInstance("TLS");
> sslContext.init(null, tmf.getTrustManagers(), null);
> HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
> {noformat}
> When this code is added, Remoting should not try to create its own {{SSLSocketFactory}}. Currently there is no way to tell Remoting to not try. This causes a confusing ERROR message:
> {noformat}
> Error creating SSL Socket Factory for client invoker: Error initializing socket factory SSL context: Can not find truststore url.
> {noformat}
> After this message is logged, the client still works because it falls back to the default {{SSLSocketFactory}} (that was already set).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-remoting-issues
mailing list