lettuce
Make it possible to choose certificate alias for ssl connections
Feature Request
Certificate choice on ssl connections
Problem
In my application I store certificates in a common keystore. When establishing an SSL connection, it appears that lettuce will take the first certificate it finds in the keystore to encrypt the conversation, leading to a server-side error if the client certificate does not match.
In other words, at the moment you need to dedicate one keystore only for lettuce to use.
Proposed solution
Add a "keystoreAlias" parameter to the SSL options builder.
// Proposed API: keystoreAlias(...) is the requested new builder method.
SslOptions sslOptions = SslOptions.builder().jdkSslProvider()
    .keystore(keystoreFile, keystorePassword.toCharArray())
    .keystoreAlias(keystoreAlias)
    .build();
client.setOptions(ClientOptions.builder().sslOptions(sslOptions).build());
client.connect();
That is the default Java behavior to pick the first key. Key selection requires an X509ExtendedKeyManager to do so. Given the configuration and behavior possibilities of SSL/TLS APIs, I suggest introducing a customized function for the SSLContextBuilder.
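The key selection described in the reply above, as an added example that is not part of the original thread and is not lettuce code: a JDK-only X509ExtendedKeyManager that loads and presents exactly one alias from a shared keystore. The names FixedAliasKeyManager and contextFor are hypothetical, and how the key manager is handed to lettuce is not shown.

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

/** Hypothetical helper: exposes a single private-key entry of a shared keystore to TLS. */
public final class FixedAliasKeyManager extends X509ExtendedKeyManager {
    private final String alias;
    private final PrivateKey key;
    private final X509Certificate[] chain;

    public FixedAliasKeyManager(KeyStore ks, char[] keyPassword, String alias)
            throws GeneralSecurityException {
        // Fail at startup, not mid-handshake, if the alias is missing or is not a private key.
        Key k = ks.isKeyEntry(alias) ? ks.getKey(alias, keyPassword) : null;
        if (!(k instanceof PrivateKey)) {
            throw new IllegalArgumentException("No private key entry for alias: " + alias);
        }
        Certificate[] certs = ks.getCertificateChain(alias);
        this.chain = Arrays.copyOf(certs, certs.length, X509Certificate[].class);
        this.key = (PrivateKey) k;
        this.alias = alias;
    }

    // Client-side selection always answers with the configured alias.
    // Requested key types and acceptable issuers are ignored (assumption of this example).
    @Override public String chooseClientAlias(String[] types, Principal[] issuers, Socket s) { return alias; }
    @Override public String chooseEngineClientAlias(String[] types, Principal[] issuers, SSLEngine e) { return alias; }
    @Override public String[] getClientAliases(String type, Principal[] issuers) { return new String[] { alias }; }

    // This key manager is for client use only; it offers nothing for server handshakes.
    @Override public String[] getServerAliases(String type, Principal[] issuers) { return null; }
    @Override public String chooseServerAlias(String type, Principal[] issuers, Socket s) { return null; }

    // Only the pinned entry is ever released; other keys in the keystore are never loaded.
    @Override public X509Certificate[] getCertificateChain(String a) { return alias.equals(a) ? chain.clone() : null; }
    @Override public PrivateKey getPrivateKey(String a) { return alias.equals(a) ? key : null; }

    /** Builds a JDK SSLContext that presents only the pinned alias; default trust managers apply. */
    public static SSLContext contextFor(KeyStore ks, char[] keyPassword, String alias)
            throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new FixedAliasKeyManager(ks, keyPassword, alias) }, null, null);
        return ctx;
    }
}
```

Because the key and chain are read directly from the keystore entry, the remaining keys in the shared keystore are never handed to the TLS stack.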