These are chat archives for spring-cloud/spring-cloud

30th
Jan 2018
Nils Wild
@NilsWild
Jan 30 2018 00:43
@fudali113 Don't do framework tests in your project. If you'd like to check that you send the correct data format to the correct URL, you can write CDC tests with Pact.
Dave Syer
@dsyer
Jan 30 2018 08:25
Pact? What about Spring Cloud Contract?
Or just WireMock?
Patricia Guimaraes
@pguimaraes
Jan 30 2018 19:29

@dsyer Hi Dave. I am running a Spring Cloud Config Server configured to use a self-signed SSL certificate. When I configured my Spring Boot Authorization Server (not Spring Cloud's UAA) to use this config server, I got the following error:

2018-01-30_13:29:16.349 INFO org.springframework.cloud.config.client.ConfigServicePropertySourceLocator locate - Fetching config from server at: https://localhost:8888
2018-01-30_13:29:17.084 WARN org.springframework.cloud.config.client.ConfigServicePropertySourceLocator locate - Could not locate PropertySource: I/O error on GET request for "https://localhost:8888/immport-auth-server/test": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

So I searched the web for a resolution and found a couple of issues that are now closed. The issue at spring-cloud/spring-cloud-config#148 suggests configuring Git with "git config --global http.sslVerify false", but that did not seem to make a difference. The solution suggested at spring-cloud/spring-cloud-config#499 doesn't work for me either because my config server is not always deployed on localhost.

I get around this problem in my own code by using a ClientHttpRequestFactory configured to ignore SSL hostname errors (HttpComponentsClientHttpRequestFactory implementation).

I noticed that the method getSecureRestTemplate at https://github.com/spring-cloud/spring-cloud-config/blob/master/spring-cloud-config-client/src/main/java/org/springframework/cloud/config/client/ConfigServicePropertySourceLocator.java uses the SimpleClientHttpRequestFactory implementation.

Would it be possible to add a property to ConfigClientProperties to ignore SSL errors or somehow provide a way for people to inject their own RestTemplate instance or ClientHttpRequestFactory instance in order to get around this problem?

Thanks in advance for your help.