cloudsoft / winrm4j

Apache License 2.0

Can it support setSSLSocketFactory() when building WinRmTool? #80

Closed zhizhu7 closed 5 years ago

zhizhu7 commented 6 years ago

It supports disableCertificateChecks, which is handy when working in a dev environment. I am wondering whether it's possible to support setSSLSocketFactory() by updating the method "initializeClientAndService" in WinRmClient?

Also, I tried to load a certificate into a KeyStore at run time, initialized an SSLContext with the KeyStore, then set the DefaultSSLSocketFactory to the SSLContext before calling WinRmTool to execute a command over HTTPS. It always throws an SSLHandShake error.

But if I import the certificate into "jre/lib/security/cacerts", the SSLHandShake error is gone, and HTTPS connection is working fine.

It's weird that it's behaving differently. Thanks.

aledsage commented 5 years ago

@zhizhu7 thanks for reporting and the suggestion.

This is a similar (complementary) issue to https://github.com/cloudsoft/winrm4j/issues/85, where the suggestion is to support SSLContext being passed through via the builder.

My understanding of your suggestion is that we change WinRmClientBuilder and WinRmTool.Builder to allow the SSLSocketFactory to be supplied. If it is, then in initializeClientAndService we'd call tlsClientParameters.setSSLSocketFactory(sslSocketFactory). If I've misunderstood, then please shout.

I'm not sure why the SSLHandShake behaves differently in the two cases - would need to spend time digging into that.

aledsage commented 5 years ago

This has been fixed in the 0.6.1 release - you can set sslSocketFactory on the builder (see https://github.com/cloudsoft/winrm4j/pull/93).