boaks commented on PR #12769: URL: https://github.com/apache/camel/pull/12769#issuecomment-1913517747
> The test routes: [CoAPComponentTLSTestBase.java#L216](https://github.com/apache/camel/blob/5a3524e645de92dbb153e2202a58692601459c2a/components/camel-coap/src/test/java/org/apache/camel/coap/CoAPComponentTLSTestBase.java#L216) ("direct:start", "direct:selfsigned", "direct:clientauth", "direct:ciphersuites")

I'm not familiar with this test system. Which side is using the "selfsigned certificate"? I guess the client. How is the server intended to trust that? Is that "client-selfsigned-certificate" added to the server's trust?

Some Californium details about that trust handling:

For TLS, Californium uses a "TrustManager". The JCE implementation then requires the "selfsigned certificate" to be added in order to trust it.

For DTLS, more or less for testing and historical reasons, we use `null` for "trust none", and `new X509Certificate[0]` for "trust all". But if you pass that `new X509Certificate[0]` to the standard Java JCE TrustManager, I guess this will be "trust none". In order to overcome that, again only for tests, Californium offers "SslContextUtil.createTrustAllManager()".

Anyway, I guess, before mixing the "test only" approach into real code, it's better to ensure that the "selfsigned certificates" are added to the trust of the other side.
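Adding a self-signed certificate to the other side's trust with JDK APIs only, as an added example that is not part of the comment above and is not Camel or Californium code. The class name `PinSelfSigned`, the helpers `trustOnly` and `accepts`, and the certificate file passed as the first argument are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PinSelfSigned {

    // Builds a trust manager whose only trust anchors are the given certificates.
    static X509TrustManager trustOnly(X509Certificate... anchors) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null); // empty in-memory store, nothing is read from disk
        for (int i = 0; i < anchors.length; i++) {
            store.setCertificateEntry("peer-" + i, anchors[i]);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // True if the trust manager accepts the certificate as a TLS client certificate.
    static boolean accepts(X509TrustManager tm, X509Certificate cert) {
        try {
            tm.checkClientTrusted(new X509Certificate[] {cert}, cert.getPublicKey().getAlgorithm());
            return true;
        } catch (Exception e) { // any validation failure counts as "not trusted"
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the peer's self-signed certificate, exported as PEM or DER.
        X509Certificate peer;
        try (InputStream in = new FileInputStream(args[0])) {
            peer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("store holding the peer cert accepts it: " + accepts(trustOnly(peer), peer));
        System.out.println("empty store accepts it: " + accepts(trustOnly(), peer));
    }
}
```

The trust manager returned by `trustOnly(peer)` can be passed to `SSLContext.init` on the side that has to accept the self-signed peer, so no trust-all manager is needed outside tests.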