Re: accepting self signed certificates

2017-05-07 Thread Gary Gregory
On Sun, May 7, 2017 at 5:28 PM, Gary Gregory wrote: > On Sun, May 7, 2017 at 4:52 PM, Remko Popma wrote: > >> Thinking of LOG4J2-1896, how does Apache HttpCore obtain the keystore >> password? I wonder what other projects do to avoid putting a plaintext >> password in the configuration. >> > > Y

Re: accepting self signed certificates

2017-05-07 Thread Gary Gregory
On Sun, May 7, 2017 at 4:52 PM, Remko Popma wrote: > Thinking of LOG4J2-1896, how does Apache HttpCore obtain the keystore > password? I wonder what other projects do to avoid putting a plaintext > password in the configuration. > You pass it as a char[] to the API. Remember, HC is a just an API

Re: accepting self signed certificates

2017-05-07 Thread Remko Popma
Thinking of LOG4J2-1896, how does Apache HttpCore obtain the keystore password? I wonder what other projects do to avoid putting a plaintext password in the configuration. (Shameless plug) Every java main() method deserves http://picocli.info > On May 8, 2017, at 8:41, Gary Gregory wrote: >

Re: accepting self signed certificates

2017-05-07 Thread Gary Gregory
Note: Apache HttpCore let's you do this through a TrustStrategy. But I am not suggesting we use HC, only that we consider a similar feature for 2.9. G Gary On May 7, 2017 3:06 PM, "Gary Gregory" wrote: > You have to plug in a custom trust manager into an SSL context. We do not > allow for tha

Re: accepting self signed certificates

2017-05-07 Thread Gary Gregory
You have to plug in a custom trust manager into an SSL context. We do not allow for that in our config. We could ship a TM that does that and logs a "not for production" warning. Gary On May 7, 2017 2:26 PM, "Matt Sicker" wrote: > You can import the self signed certificate into a key store and

Re: accepting self signed certificates

2017-05-07 Thread Matt Sicker
You can import the self signed certificate into a key store and configure that in the socket appender. I'm not sure if the SSL code in Java lets you just blindly accept all self-signed certificates. On 6 May 2017 at 23:21, Gary Gregory wrote: > Hi all, > > I do not see a way to configure SSL wit

accepting self signed certificates

2017-05-06 Thread Gary Gregory
Hi all, I do not see a way to configure SSL with out socket appenders to accept self-signed certificates (handy if not essential during development). Am I missing something? Gary -- E-Mail: garydgreg...@gmail.com | ggreg...@apache.org Java Persistence with Hibernate, Second Edition