Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
335 views
in Technique[技术] by (71.8m points)

scala - General SSLEngine problem akka http singleRequest version 10.2.3

I recently upgraded to akka http 10.2.3 and akka 2.6.11. I am using Http().singleRequest(_, httpsCtx) in my service to call API with https, here httpsCtx is https context. Before upgrading akka http, below code to create https context was working fine

  private def getHttpsContext: HttpsConnectionContext = {

    import com.typesafe.sslconfig.akka.AkkaSSLConfig
    import java.security.cert.X509Certificate
    import javax.net.ssl.{ KeyManager, SSLContext, X509TrustManager }

    val trustfulSslContext: SSLContext = {

      object NoCheckX509TrustManager extends X509TrustManager {
        override def checkClientTrusted(chain: Array[X509Certificate], authType: String): Unit = ()
        override def checkServerTrusted(chain: Array[X509Certificate], authType: String): Unit = ()
        override def getAcceptedIssuers: Array[X509Certificate] = Array[X509Certificate]()
      }
      val context = SSLContext.getInstance("TLS")
      context.init(Array[KeyManager](), Array(NoCheckX509TrustManager), null)
      context
    }

    val sslConfig = AkkaSSLConfig().mapSettings(s => s.withLoose(s.loose.withAcceptAnyCertificate(true).withDisableHostnameVerification(true).withDisableSNI(true)))
    val ctx = Http().createClientHttpsContext(sslConfig)
    ConnectionContext.https(trustfulSslContext, ctx.sslConfig, ctx.enabledCipherSuites, ctx.enabledProtocols, ctx.clientAuth, ctx.sslParameters)
  }

After upgrade I found, Http().createClientHttpsContext and ConnectionContext.https deprecated and it suggests to use ConnectionContext.httpsClient. I re-wrote logic to accommodate these changes but it is always failing with "General SSLEngine problem".

  private def getHttpsContext: HttpsConnectionContext = {
    import java.security.cert.X509Certificate
    import javax.net.ssl.{ KeyManager, SSLContext, X509TrustManager }

    val trustfulSslContext: SSLContext = {

      object NoCheckX509TrustManager extends X509TrustManager {
        override def checkClientTrusted(chain: Array[X509Certificate], authType: String): Unit = ()
        override def checkServerTrusted(chain: Array[X509Certificate], authType: String): Unit = ()
        override def getAcceptedIssuers: Array[X509Certificate] = Array[X509Certificate]()
      }
      val context = SSLContext.getInstance("TLS")
      context.init(Array[KeyManager](), Array(NoCheckX509TrustManager), null)
      context
    }
    ConnectionContext.httpsClient(trustfulSslContext)
  }

I tried above code with below akka configuration too but its not working. What is the best way to pass https context with singleRequest? I also tried "Http().outgoingConnectionHttps(unsafeHost, connectionContext = badCtx)" as mentioned here https://doc.akka.io/docs/akka-http/current/client-side/client-https-support.html. It is also failing with same "General SSLEngine problem". What could be the issue?

  akka {
    ssl-config {
      loose {
        disableHostnameVerification = true,
        acceptAnyCertificate = true,
        disableSNI = true
      }
    }
  }
question from:https://stackoverflow.com/questions/65928177/general-sslengine-problem-akka-http-singlerequest-version-10-2-3

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...