Comments (4)
Thanks for your quick response!
I don't know why it doesn't work on my machine but at least I'm using the library correctly :D
I just tried the example on my home computer and it works fine, so I guess there's something wrong on my work computer. I'll try to find out what, thanks again for your help!
from sslcontext-kickstart.
Great to hear @Athou!
You also mentioned the following:
> I however am not sure how to use it, all examples load both a trust material and an identity material, and I only have a public certificate in the pem format. I thought I'd be able to just call

Adding the identity material is only needed when the server is requesting the client to identify itself, also named mutual authentication or two-way-ssl. In that case you can load the private key and the certificate chain into a keymanager and supply it to the sslfactory and hand it over to your http client. Your setup requires one-way-ssl and the SSLFactory configuration for that use case is good and well configured!
Feel free to ask anything or if you get stuck!
Good luck by the way!
Thanks for the clarification!
Regarding the exception, I have Oracle JDK 1.8.0_192 on my work machine. I downloaded the latest OpenJDK version (8u282) and it works fine with that version. It may be a JDK bug then.
Hi Jérémie
Really nice to hear that this library is exactly what you are looking for! And thank you for sharing an example project, this makes it really easy to debug and help you.
I have cloned your project and tried it locally. The setup looks good to me. I am not getting the same exception as you, for me it is working and I am getting a 200 response. I am using Mac, so I thought it might behave differently for windows. I added a build script to run your project on a linux and windows environment and everything is still working, see here for the build report: https://github.com/Hakky54/ssl-test/runs/1808227852
I didn't change your code, it is exactly the same as I forked it. I am using oracle jdk 1.8.241 with maven 3.6.3 and I also tried maven 3.5.0 and that also worked. What you can try is maybe not setting the ssl material at the root level but at the specific connection level. So try changing the following snippet:
from:
```java
HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory.getSslSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(sslFactory.getHostnameVerifier());
```
to:
```java
HttpsURLConnection httpsConnection = (HttpsURLConnection) url.openConnection();
httpsConnection.setSSLSocketFactory(sslFactory.getSslSocketFactory());
httpsConnection.setHostnameVerifier(sslFactory.getHostnameVerifier());
```
To be able to set it at connection level you first need to cast your connection to `HttpsURLConnection` instead of `HttpURLConnection`