Re: [jetty-users] Jetty SNI - Where's ExtendedSslContextFactory?

It's really frustrating because during testing, once I figured out what I'd been screwing up, I fixed it and everything just worked.

Steve Sobol - Lobos Studios wrote:
Ok, but SSLContextFactory doesn't seem to be working either. I have two Comodo certificates in my keystore - let's call them www.a.com and www.b.com. I also have the Comodo intermediate CA certificates in the same keystore. Jetty only seems to be using www.a.com no matter which site I'm trying to pull up.

Do I need to do anything special to enable SNI?

Thanks as always,

Steve "My middle name is SNI" Sobol ;)


Joakim Erdfelt wrote:

Joakim Erdfelt / joakim@xxxxxxxxxxx

On Fri, Jul 31, 2015 at 1:55 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:
The ExtendedSslContextFactory existed as an interim Java 8 only extension for SslContextFactory; now that Jetty 9.3 is Java 8 entirely, there's no need for this class.

The roles of ExtendedSslContextFactory have been merged into SslContextFactory itself.

The documentation reference is a definite bug, ugh.
Adding to documentation todos ... *grumble* *grumble*


Joakim Erdfelt / joakim@xxxxxxxxxxx

On Fri, Jul 31, 2015 at 12:40 PM, Steve Sobol - Lobos Studios <steve@xxxxxxxxxxxxxxxx> wrote:
Hey all,

I posted a few days ago about some weird behavior regarding SNI in the latest stable version of Jetty. Seems that Jetty is only responding to HTTPS requests with the *first* certificate in my keystore, even though I have more than one valid certificate there.

In testing Bug 430951, I got everything to work *including* SNI.

So now I'm looking at this:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=430951#c18

"I have committed the org/eclipse/jetty/util/ssl/ExtendedSslContextFactory.java

If the KeyStore contains multiple X509 certificates, then the CN element
of the distinguished name is used to select the certificate alias to use for
a connection.  Simple wildcard names (eg *.domain.com) are supported."

But when I try this:

<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.ExtendedSslContextFactory">

I get a NoClassDefFoundError, and indeed, if I check jetty-ssl.jar, that class *is* missing.

SNI doesn't work at all if I use org.eclipse.jetty.util.ssl.SslContextFactory.

Help, please? What am I missing? The official documentation even *says* I need to use ExtendedSslContextFactory. http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory


--
Lobos Studios - Website and Mobile App Design & Development; IT Support; Computer Maintenance
Toll Free  877.919.4WEB - Apple Valley 760.684.8859 - Los Angeles 310.945.2410 - Cleveland 216.242.4010
www.LobosStudios.com * www.facebook.com/LobosStudios * @LobosStudios


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
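
The CN-based selection rule quoted from Bug 430951 in the thread above can be checked against a keystore offline. The following is an added example, not part of the thread and not Jetty's code: it lists each key entry's CN and reports which alias would match a given host name. The class name `SniAliasCheck`, the `KEYSTORE_PASSWORD` variable and the reading of "simple wildcard" as covering exactly one label are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SniAliasCheck {
    // Lower-cased CN of the certificate subject, or null if the subject has none.
    static String commonName(X509Certificate cert) throws Exception {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns())
            if ("CN".equalsIgnoreCase(rdn.getType()))
                return rdn.getValue().toString().toLowerCase(Locale.ROOT);
        return null;
    }

    // Assumed "simple wildcard" rule: "*.domain.com" covers exactly one extra label.
    static boolean matches(String cn, String host) {
        if (!cn.startsWith("*.")) return cn.equals(host);
        int dot = host.indexOf('.');
        return dot > 0 && host.substring(dot).equals(cn.substring(1));
    }

    // Usage: KEYSTORE_PASSWORD=... java SniAliasCheck <keystore> <host> [<host> ...]
    public static void main(String[] args) throws Exception {
        String pw = System.getenv("KEYSTORE_PASSWORD"); // hypothetical variable name
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw == null ? null : pw.toCharArray());
        }
        Map<String, String> cnToAlias = new LinkedHashMap<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            // Only key entries can be served; CA certs imported alone are trusted-cert entries.
            if (!ks.isKeyEntry(alias) || !(c instanceof X509Certificate)) continue;
            String cn = commonName((X509Certificate) c);
            System.out.println("alias=" + alias + " CN=" + cn);
            if (cn != null) cnToAlias.put(cn, alias);
        }
        for (String host : Arrays.asList(args).subList(1, args.length)) {
            String h = host.toLowerCase(Locale.ROOT), hit = null;
            for (Map.Entry<String, String> e : cnToAlias.entrySet())
                if (hit == null && matches(e.getKey(), h)) hit = e.getValue();
            System.out.println(host + " -> " + (hit == null ? "no CN match" : "alias " + hit));
        }
    }
}
```

A host that reports "no CN match", or a certificate that shows up only as a trusted-cert entry rather than a key entry, is worth ruling out before looking at the server configuration.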

