-
Notifications
You must be signed in to change notification settings - Fork 446
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable Mutual SSL Authentication #904
Comments
At least it's possible to override the ApacheHttpTransport.newDefaultHttpClientBuilder()
.setSSLSocketFactory(null) // creates new factory with the SSLContext given below
.setSSLContext(SslUtils.trustAllSSLContext())
.setSSLHostnameVerifier(new NoopHostnameVerifier()); |
ApacheHttpTransport is deprecated and scheduled to be removed in about a year. |
I have some context. This is when using Jib, which uses the new v2 |
In any case, I think the general question as to whether it should have used |
This should be available in 1.38.0 |
Fixes #904 Source-Author: Neenu Shaji <Neenu1995@users.noreply.github.com> Source-Date: Wed Mar 24 15:50:02 2021 -0400 Source-Repo: googleapis/synthtool Source-Sha: bb854b6c048619e3be4e8b8ce8ed10aa74ea78ef Source-Link: googleapis/synthtool@bb854b6
* changes without context autosynth cannot find the source of changes triggered by earlier changes in this repository, or by version upgrades to tools such as linters. * chore(java): detect sample-secrets in build.sh Fixes googleapis#904 Source-Author: Neenu Shaji <Neenu1995@users.noreply.github.com> Source-Date: Wed Mar 24 15:50:02 2021 -0400 Source-Repo: googleapis/synthtool Source-Sha: bb854b6c048619e3be4e8b8ce8ed10aa74ea78ef Source-Link: googleapis/synthtool@bb854b6 * chore: remove staging bucket v2 not needed since we removed v2 solution - googleapis/synthtool#964 Source-Author: Emily Ball <emilyball@google.com> Source-Date: Mon Mar 29 14:47:37 2021 -0700 Source-Repo: googleapis/synthtool Source-Sha: 572ef8f70edd9041f5bcfa71511aed6aecfc2098 Source-Link: googleapis/synthtool@572ef8f
….8 (googleapis#904) [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.jacoco:jacoco-maven-plugin](https://www.jacoco.org/jacoco/trunk/doc/maven.html) ([source](https://togithub.com/jacoco/jacoco)) | `0.8.7` -> `0.8.8` | [![age](https://badges.renovateapi.com/packages/maven/org.jacoco:jacoco-maven-plugin/0.8.8/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/maven/org.jacoco:jacoco-maven-plugin/0.8.8/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/maven/org.jacoco:jacoco-maven-plugin/0.8.8/compatibility-slim/0.8.7)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/maven/org.jacoco:jacoco-maven-plugin/0.8.8/confidence-slim/0.8.7)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>jacoco/jacoco</summary> ### [`v0.8.8`](https://togithub.com/jacoco/jacoco/releases/v0.8.8) [Compare Source](https://togithub.com/jacoco/jacoco/compare/v0.8.7...v0.8.8) ##### New Features - JaCoCo now officially supports Java 17 and 18 (GitHub [#​1282](https://togithub.com/jacoco/jacoco/issues/1282), [#​1198](https://togithub.com/jacoco/jacoco/issues/1198)). - Experimental support for Java 19 class files (GitHub [#​1264](https://togithub.com/jacoco/jacoco/issues/1264)). - Part of bytecode generated by the Java compilers for assert statement is filtered out during generation of report (GitHub [#​1196](https://togithub.com/jacoco/jacoco/issues/1196)). - Branch added by the Kotlin compiler version 1.6.0 and above for "unsafe" cast operator is filtered out during generation of report (GitHub [#​1266](https://togithub.com/jacoco/jacoco/issues/1266)). - Improved support for multiple JaCoCo runtimes in the same VM (GitHub [#​1057](https://togithub.com/jacoco/jacoco/issues/1057)). ##### Fixed bugs - Fixed `NullPointerException` during filtering (GitHub [#​1189](https://togithub.com/jacoco/jacoco/issues/1189)). - Fix range for debug symbols of method parameters (GitHub [#​1246](https://togithub.com/jacoco/jacoco/issues/1246)). ##### Non-functional Changes - JaCoCo now depends on ASM 9.2 (GitHub [#​1206](https://togithub.com/jacoco/jacoco/issues/1206)). - Messages of exceptions occurring during analysis or instrumentation now include JaCoCo version (GitHub [#​1217](https://togithub.com/jacoco/jacoco/issues/1217)). </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/google-auth-library-java).
It seems that the current implentations for SSL request do not support Mutual SSL authentication. Current outgoing requests do not use the
javax.net.ssl.keyStore
when making requests, which prevents the 2-way ssl handshake from going through.The
Apache ApacheHttpTransport(UPDATE: this should really have been referred to v2ApacheHttpTransport
, although the same question applies to v1. see #904 (comment)) not usinggetSystemSocketFactory
. That version takes into account thejavax.net.ssl
properties, and would most likely allow for the 2way ssl connection to complete. Is there a reason this is not being used?The text was updated successfully, but these errors were encountered: