Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding more options to the SSL configuration for Server side #3282

Open
constantinos-p opened this issue Jan 24, 2025 · 2 comments
Open

Adding more options to the SSL configuration for Server side #3282

constantinos-p opened this issue Jan 24, 2025 · 2 comments
Labels
enhancement New feature or request

Comments

@constantinos-p
Copy link
Contributor

constantinos-p commented Jan 24, 2025
edited
Loading

Is your feature request related to a problem? Please describe.
The feature request is related to [https://github.com//issues/2039]

It seems that the MR that closed it did not address the symmetical issue on the Server.Config. I see the requirements say:
Add an option to directly pass objects of type javax.net.ssl.keyManagerFactory and javax.net.ssl.trustManagerFactory (both for both client and server contexts) . I do not see the server context in that commit.

More specifially we are currently doing something like this with the akka http server creating SslContext and pass it to the akka server which I think is pretty standard (shown below).

def fromConfig(config: KeystoreConfiguration): SSLContext = {
    val ks = KeyStore.getInstance(config.`type`)

    val keyStream = new FileInputStream(config.file)
   
     ks.load(keyStream, config.password.toCharArray)

    val kmf = KeyManagerFactory.getInstance("SunX509")
    kmf.init(ks, config.password.toCharArray)

    val tmf = TrustManagerFactory.getInstance("SunX509")
    tmf.init(ks)

    val sslContext: SSLContext = SSLContext.getInstance("TLSv1.2")
    sslContext.init(
      kmf.getKeyManagers,
      tmf.getTrustManagers,
      new SecureRandom
    )

    sslContext
  }

Describe the solution you'd like
We would like the symmetrical feature similar to the above mentioned feature but on the server side SSLConfig

Describe alternatives you've considered
For us this is a showstopper to moving from akka. Happy to consider solutions if you have any but we wouldn't want to fork zio-http. Open to submitting a PR ourselves.

Additional context
Add any other context or screenshots about the feature request here.
@constantinos-p constantinos-p added the enhancement New feature or request label Jan 24, 2025
@jdegoes
Copy link
Member

jdegoes commented Feb 9, 2025

cc @987Nabil let's get this one prioritized!

@constantinos-p
Copy link
Contributor Author

I have made the changes required for server side jks keystore locally. That covers most of cases with https and will unblock me.
Should I make a PR and then @987Nabil can take from there to do the truststore part?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jdegoes @constantinos-p