hc-httpclient-users mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSL related question on trust- and keymaterial
Date Thu, 12 Oct 2017 09:06:51 GMT
On Wed, 2017-10-11 at 17:27 +0200, Mitchell Stevenson wrote:
> I use httpcore 4.4.4 together with mutual ssl.
> 
> I load the key material in that way:
> 
> KeyStore trustStore = ...;
> sslContextBuilder.loadTrustMaterial(trustStore, null);
> 
> Question is: if there is more than one alias with different trusted
> certs in the keystore, would all of them be trusted or just the
> first one? Cannot find this info in the docs. It also seems not to
> be possible to specify a single alias.
> 

As far as I understand, all of them would be considered trusted, but this
may depend on the JSSE provider. With the default Oracle JSSE
implementation one cannot influence alias selection for trust material.


> The keymaterial for mutual ssl is loaded like:
> 
> sslContextBuilder.loadKeyMaterial(keystore, keyPassword, new PrivateKeyStrategy() {
>     @Override
>     public String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket) {
>         if (aliases == null || aliases.isEmpty()) {
>             return kAlias;
>         }
>         if (kAlias == null || kAlias.isEmpty()) {
>             return aliases.keySet().iterator().next();
>         }
>         return kAlias;
>     }
> });
> 
> Here I'd like to load only key material for one specific alias (kAlias)
> or the first one if not given. I don't know if the code above is really
> correct. I am also wondering what's the default if PrivateKeyStrategy
> is not given.
> 

I suspect it is also JSSE provider specific.

Oleg
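
Added example (not part of the original message and not code from the HttpComponents project): because the trust store is handed to JSSE as a whole, one way to trust a single alias is to copy that certificate into a fresh in-memory KeyStore before calling `loadTrustMaterial`. The class, method and parameter names are hypothetical, httpcore 4.4.x is assumed on the classpath, and returning `null` when the configured key alias is not among the candidates is a fail-closed choice made here, not behaviour stated in the thread.

```java
import java.io.IOException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Map;
import javax.net.ssl.SSLContext;
import org.apache.http.ssl.PrivateKeyDetails;
import org.apache.http.ssl.PrivateKeyStrategy;
import org.apache.http.ssl.SSLContexts;

public final class SingleAliasSslContext {

    /** Copies one trusted-certificate entry into an empty in-memory KeyStore. */
    static KeyStore onlyAlias(KeyStore source, String alias)
            throws GeneralSecurityException, IOException {
        if (!source.isCertificateEntry(alias)) {
            throw new GeneralSecurityException("No trusted certificate entry: " + alias);
        }
        Certificate cert = source.getCertificate(alias);
        KeyStore filtered = KeyStore.getInstance(KeyStore.getDefaultType());
        filtered.load(null, null); // initialise as an empty store
        filtered.setCertificateEntry(alias, cert);
        return filtered;
    }

    /** Builds a mutual-TLS context that trusts one alias and presents one key alias. */
    static SSLContext build(KeyStore trustStore, String trustAlias, KeyStore keyStore,
                            char[] keyPassword, final String keyAlias)
            throws GeneralSecurityException, IOException {
        PrivateKeyStrategy strategy = new PrivateKeyStrategy() {
            @Override
            public String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket) {
                if (aliases == null || aliases.isEmpty()) {
                    return null; // no usable key was offered
                }
                if (keyAlias == null || keyAlias.isEmpty()) {
                    return aliases.keySet().iterator().next(); // first in map order
                }
                // Fail closed: never fall back to a different key than the configured one.
                return aliases.containsKey(keyAlias) ? keyAlias : null;
            }
        };
        return SSLContexts.custom()
                .loadTrustMaterial(onlyAlias(trustStore, trustAlias), null)
                .loadKeyMaterial(keyStore, keyPassword, strategy)
                .build();
    }
}
```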
