Re: [jetty-users] Trusting all certificates after upgrade to Jetty 9

Actually, I need to be more specific with the problem:

1. The application is running an embedded Jetty server.

2. Jetty is set up as specified, following the LikeJettyXML.

3. Some clients within the application may communicate to 3rd party hosts over SSL. This should not be related to any of the SSL settings for Jetty.

4. Before communicating to the 3rd party, the user may want to trust all certificates. In which case the all-trusting manager is set up (as per previous email).

5. This all worked fine before the upgrade to Jetty (9.2.13.v20150730). But I cannot understand why the upgrade would affect this since this is not making requests to the server but out to another server.

Any help would be appreciated. It seems to me this is not a Jetty problem, but I thought I would put it by the group to make sure.

Melissa

On Thu, Sep 17, 2015 at 1:37 PM, Melissa Mifsud <melissa.anne.mifsud@xxxxxxxxx> wrote:
In a recent upgrade from Jetty 8 (8.1.8.v20121106) to Jetty 9 (9.2.13.v20150730), it seems that code for trusting all SSL certificates is no longer working.

We do not always want to trust all certificates and so cannot use the SSLContextFactory(trustAll) constructor. 


After the application is up and running, there may be a specific use case in which the user will need to start trusting all certificates, in which case an all-trusting TrustManager is set up:

    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[]{
        new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            }

            public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            }
        }};

    // Install the all-trusting trust manager
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, null);
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    // Create all-trusting host name verifier
    HostnameVerifier allHostsValid = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    // Install the all-trusting host verifier
    HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);

    // set flag to true so that the process is not repeated
    sslDisabled = true;


Is there something specific with this version that will cause this not to work anymore?

Thanks,

Melissa




--


Melissa Anne Mifsud




