Support "trust all" SSL context in OpenJFX 14

Anirvan Sarkar powers.anirvan at gmail.com
Wed Apr 8 16:10:31 UTC 2020 

Maybe it doesn't work due to JDK-8239595. It seems that HttpClient
implementation does not use the default SSL context for its configuration
[1].

There is an RFR mail to fix this [2][3].

[1] : https://bugs.openjdk.java.net/browse/JDK-8239595
[2] : https://mail.openjdk.java.net/pipermail/net-dev/2020-March/013705.html
[3] : https://mail.openjdk.java.net/pipermail/net-dev/2020-April/013785.html

On Tue, 7 Apr 2020 at 22:33, Lior Yaffe <lior.yaffe at jelurida.com> wrote:

> I'm not sure why but it doesn't work.
>
> The only workaround I found is:
> System.setProperty("com.sun.webkit.useHTTP2Loader", "false"); // Workaround
> to support test certificate with OpenJFX 14 Webview
>
> Then use the old code which works in OpenJFX 13 and earlier.
>
> HttpsURLConnection.setDefaultSSLSocketFactory(TrustAllSSLProvider.getSslSocketFactory());
>
> HttpsURLConnection.setDefaultHostnameVerifier(TrustAllSSLProvider.getHostNameVerifier());
>
> On Tue, Apr 7, 2020 at 2:28 PM Michał Zegan <webczat_200 at poczta.onet.pl>
> wrote:
>
> > What about global SSLContext.setDefault()? maybe it doesn't apply of
> > course.
> >
> > W dniu 07.04.2020 o 13:14, Lior Yaffe pisze:
> > > Some background information on why we are facing the issue.
> > > The internal implementation of WebView changed in OpenJFX 14 to use
> > > HttpClient instead of Http(s)URLConnection. Therefore, it is no longer
> > > possible to use the following methods to set a custom SSL context
> before
> > > instantiation of a HttpsURLConnection object:
> > >
> > > HttpsURLConnection#setDefaultSSLSocketFactory
> > > HttpsURLConnection#setDefaultHostnameVerifier
> > >
> > > The only way to set a custom SSLContext to a HttpClient is to use the
> > > method HttpClientBuilder#sslContext unfortunately this method is not
> > > accessible for the Webview code.
> > >
> > > Since there is no static method on the HttpClient to set a custom
> > > SSLContext, we hereby request to introduce a public method on WebView
> (or
> > > WebEngine) for the purpose of passing a custom SSL context.
> > >
> > > <
> >
> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
> > >
> > > Virus-free.
> > > www.avg.com
> > > <
> >
> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
> > >
> > > <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
> > >
> >
>


-- 
Anirvan

More information about the openjfx-dev mailing list