Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow HttpServerOptionsCustomizer to set KeyManager and TrustManager for HTTPS server #27682

Merged

Conversation

tsaarni
Copy link
Contributor

@tsaarni tsaarni commented Sep 2, 2022

This change allows the application to use the HttpServerOptionsCustomizer mechanism to set their own KeyManager and TrustManager to Vert.x. That is achieved by simply moving the check to disable TLS (in absense of server certificate & key) from before the customizer call to after the call.

Without this change the HttpServerOptionsCustomizer.customizeHttpsServer() method is not called unless certificate and key were already defined in quarkus.http.ssl.certificate.* config options. Setting the config option is not desirable when the application wants to customize the HTTPS server by setting its own KeyManager. In that case quarkus.http.ssl.certificate.* options are not applicable, since Quarkus is not in control of setting the server credentials.

Example use case that is enabled by this PR: Application sets custom KeyManager that supports certificate hot-reload without restarting the server (xref #15926).

Fixes #27481

This change allows application to set its own KeyManager and TrustManager to
Vert.x by delaying the check to disable TLS (in absense of certificate&key)
to be done after the call to HttpServerOptionsCustomizer, instead of before.
@quarkus-bot

This comment has been minimized.

@cescoffier cescoffier merged commit 2d7b4f0 into quarkusio:main Sep 4, 2022
@quarkus-bot quarkus-bot bot added this to the 2.13 - main milestone Sep 4, 2022
@quarkus-bot quarkus-bot bot added the kind/enhancement New feature or request label Sep 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/vertx kind/enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Let user to provide own KeyManager and TrustManager for HTTPS server
2 participants