It's really frustrating because during testing, once I figured out what
I'd been screwing up, I fixed it and everything just worked.
Steve Sobol - Lobos Studios wrote:
Ok, but SSLContextFactory doesn't seem to be working either. I have
two Comodo certificates in my keystore - let's call them www.a.com and
www.b.com. I also have the Comodo intermediate CA certificates in the
same keystore. Jetty only seems to be using www.a.com no matter which
site I'm trying to pull up.
Do I need to do anything special to enable SNI?
Thanks as always,
Steve "My middle name is SNI" Sobol ;)
Joakim Erdfelt wrote:
Filed issue for documentation -
https://bugs.eclipse.org/bugs/show_bug.cgi?id=474067
Joakim Erdfelt / [email protected] <mailto:[email protected]>
On Fri, Jul 31, 2015 at 1:55 PM, Joakim Erdfelt <[email protected]
<mailto:[email protected]>> wrote:
The ExtendedSslContextFactory existed as an interim Java 8 only
extension for SslContextFactory, now that Jetty 9.3 is Java 8
entirely, there's no need for this class.
The roles of ExtendedSslContextFactory has been merged into
SslContextFactory itself.
Part of commit
https://github.com/eclipse/jetty.project/commit/c5e4abd792e7ed3f5e086d9835b25c5b93afe3d5
The documentation references is a definite bug, ugh.
Adding to documentation todos ... *grumble* *grumble*
Joakim Erdfelt / [email protected] <mailto:[email protected]>
On Fri, Jul 31, 2015 at 12:40 PM, Steve Sobol - Lobos Studios
<[email protected] <mailto:[email protected]>> wrote:
Hey all,
I posted a few days ago about some weird behavior regarding
SNI in the latest stable version of Jetty. Seems that Jetty
is only responding to HTTPS requests with the *first*
certificate in my keystore, even though I have more than one
valid certificate there.
In testing Bug 430951, I got everything to work *including* SNI.
So now I'm looking at this:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=430951#c18
"I have committed the
org/eclipse/jetty/util/ssl/ExtendedSslContextFactory.java
If the KeyStore contains multiple X509 certificates, then the
CN element
of the distinguished name is used to select the certificate
alias to use for
a connection. Simple wildcard names (eg *.domain.com
<http://domain.com>) are supported."
But when I try this:
<Configure id="sslContextFactory"
class="org.eclipse.jetty.util.ssl.ExtendedSslContextFactory">
I get a NoClassDefFoundError, and indeed, if I check
jetty-ssl.jar, that class *is* missing.
SNI doesn't work at all if I use
org.eclipse.jetty.util.ssl.SslContextFactory.
Help, please? What am I missing? The official documentation
even *says* I need to use ExtendedSslContextFactory.
http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory
--
Lobos Studios - Website and Mobile App Design & Development;
IT Support; Computer Maintenance
Toll Free 877.919.4WEB - Apple Valley 760.684.8859
<tel:760.684.8859> - Los Angeles 310.945.2410
<tel:310.945.2410> - Cleveland 216.242.4010 <tel:216.242.4010>
www.LobosStudios.com <http://www.LobosStudios.com> *
www.facebook.com/LobosStudios
<http://www.facebook.com/LobosStudios> * @LobosStudios
_______________________________________________
jetty-users mailing list
[email protected] <mailto:[email protected]>
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
--
Lobos Studios - Website and Mobile App Design & Development; IT
Support; Computer Maintenance
Toll Free 877.919.4WEB - Apple Valley 760.684.8859 - Los Angeles
310.945.2410 - Cleveland 216.242.4010
www.LobosStudios.com * www.facebook.com/LobosStudios * @LobosStudios
--
Lobos Studios - Website and Mobile App Design & Development; IT Support;
Computer Maintenance
Toll Free 877.919.4WEB - Apple Valley 760.684.8859 - Los Angeles
310.945.2410 - Cleveland 216.242.4010
www.LobosStudios.com * www.facebook.com/LobosStudios * @LobosStudios
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
