Enable Server Name Indication Support - Initial / Reference commit
This is on a different branch than the [Python/Ruby SNI mods][1] just to make testing easier for myself. I.e. I had code that worked with the 2.3.3 driver whereas the recent [Jackson changes][2] broke that. However, the underlying SNI changes will work with the Next branch.

This includes some commented out printlns that ultimately need removing, but they were for my debugging and I don't want to forget that.

Enabling SNI itself is easy, the tricky bit for me was modifying a test app to work with it. You have to use the SSLContext option similar to [here][3]. For testing I've just used a null sslContext:

    private static final String DEFAULT_SSL_PROTOCOL = "TLSv1.2";
    ...
    Connection conn = null;
    Connection.Builder builder = r.connection().
        hostname(host).
        port(port).
        authKey(authKey);
    final SSLContext sslContext = SSLContext.getInstance(DEFAULT_SSL_PROTOCOL);
    sslContext.init(null, null, null);
    conn = builder.sslContext(sslContext).connect();

[1]: https://github.com/atomicules/rethinkdb/commits/sni
[2]: rethinkdb#6157
[3]: https://github.com/pires/rethinkdb-ssl-test/blob/master/src/main/java/com/github/pires/App.java#L70
771f34d
Trying to decide if `sslContext.init(null, null, null);` is valid or not. I can see that specifying a trust manager might be useful, but as far as I can tell specifying a trust manager always references a key store, i.e.: Here and here.
Also, as per the init description here:
it implies it picks up the system defaults if null. Well, at least I think that is what it is saying.
771f34d
Eventually verified this with `-Djavax.net.debug=SSL,trustmanager` (had to fight Gradle) and it is using the default trust manager and everything is hunky-dory here. Yay!
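
As an added example (not code from this commit or from the RethinkDB driver), the following standalone check shows what `init(null, null, null)` falls back to in standard JSSE, and how a client engine built from that context can carry an SNI name with hostname verification enabled. The class name `NullInitCheck`, the host `db.example.test` and the port are placeholders chosen for the example.

```java
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class NullInitCheck {
    public static void main(String[] args) throws Exception {
        // Same call as in the commit message: no key managers, no trust
        // managers, default SecureRandom.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);

        // With a null trust manager argument the context uses the default
        // TrustManagerFactory. Initialising that factory with a null KeyStore
        // loads the platform trust store (cacerts, or the store named by
        // javax.net.ssl.trustStore), so the trust anchors can be counted here.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        int anchors = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                anchors += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        System.out.println("default trust anchors: " + anchors);

        // Placeholder endpoint for the example, not taken from the page.
        String host = "db.example.test";
        int port = 28015;

        // Client-side engine: set the SNI name explicitly and turn on
        // endpoint identification, which a bare SSLEngine or SSLSocket does
        // not perform unless asked to.
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setServerNames(Collections.singletonList(new SNIHostName(host)));
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);

        SSLParameters applied = engine.getSSLParameters();
        System.out.println("SNI names: " + applied.getServerNames());
        System.out.println("endpoint identification: "
                + applied.getEndpointIdentificationAlgorithm());
    }
}
```

A count of zero trust anchors would mean the JVM has no usable default trust store, in which case a context initialised with nulls would reject every server certificate.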