camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gareth Collins <>
Subject Make TrustManager Optional When Using SSL For Netty
Date Fri, 09 Apr 2010 01:00:16 GMT


Would it be possible to make the TrustManager optional for Netty SSL
support? I made a change in my local version of camel-netty and it works for
me (file org.apache.camel.component.netty.ssl.SSLEngineFactory - replacement
for the original SSLEngineFactory constructor):

public SSLEngineFactory(File keyStoreFile, File trustStoreFile, char[]
passphrase) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, passphrase);
        sslContext = SSLContext.getInstance(SSL_PROTOCOL);
        if (trustStoreFile != null)
        	KeyStore ts = KeyStore.getInstance("JKS");

        	ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);

        	TrustManagerFactory tmf =
        	sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(),
        	sslContext.init(kmf.getKeyManagers(), null, null);

I ask for this as I have to contact a server where SSL will not work
properly if a TrustManager is installed. If this could go in before CAMEL
2.3 it would be much appreciated.

A couple of questions about the netty implementation:

(1) Is there a reason why JKS was hardcoded here, rather than allowing the
key store format to be configured?

(2) When I add the TrustManager using netty for the connection where it
could not be used, netty throws me no exception, the connection remains
open, but the messages I send do not get to the server. If I connect
directly using an SSLSocket I see a Is
there something I am missing here?

thanks in advance,
Gareth Collins
View this message in context:
Sent from the Camel - Users mailing list archive at

View raw message