Open otaconix opened 4 years ago
We would have to maintain backward compatibility at the very least. Compatibility is not specific to Spring Cloud Gateway, but reactor HttpClient. You can currently customize the HttpClient with a HttpClientCustomizer bean currently. I'm going to mark this as waiting for votes to see if there is more interest before working on a PR given that you could add support locally via the customizer.
It is an old topic, but I also need this support of "truststore" in Spring Cloud Gateway. My preference is the first alternative: use a property source "PropertySource"
Problem statement
Spring Cloud Gateway currently supports passing in a list of filenames pointing to certificates in PEM format (property spring.cloud.gateway.httpclient.ssl.trusted-x509-certificates). If this list is non-empty, the certificates will be loaded, and they will be considered the only trusted certificates.
Applications I work on are provided a Java KeyStore that should be used as a source of trusted certificates. I wish to use this unmodified, if at all possible. This is currently not supported by Spring Cloud Gateway.
Desired solution
Support JKS and/or PKCS#12 "keystores" as a source of trusted certificates.
Considered alternatives
PropertySource that is provided the path to a keystore as input, and solely provides the spring.cloud.gateway.httpclient.ssl.trusted-x509-certificates property. To do this, the input keystore must be converted to a format understood by Spring Cloud Gateway as it is currently implemented. At first glance, this seems complex.
Closing comments
If there's interest in this feature, I'm willing to attempt creating a PR that implements this. I'm not sure what to do with the current configuration possibility though: would we maintain two different ways of adding sources of trusted certificates, which means we'd need to merge them? Or would one replace the other?
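
A sketch of the local workaround mentioned in the reply above: an HttpClientCustomizer bean that loads an unmodified JKS or PKCS#12 trust store and uses it as the only source of trusted certificates. This is an added example, not code from the thread or from Spring Cloud Gateway; the class name and the `example.gateway.truststore.*` property names are hypothetical.

```java
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.gateway.config.HttpClientCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TrustStoreHttpClientConfig {

    // Property names are hypothetical; Spring Cloud Gateway does not define them.
    @Bean
    public HttpClientCustomizer trustStoreCustomizer(
            @Value("${example.gateway.truststore.path}") String path,
            @Value("${example.gateway.truststore.password}") String password,
            @Value("${example.gateway.truststore.type:PKCS12}") String type) throws Exception {

        // Load the keystore as delivered ("JKS" or "PKCS12"), without converting it to PEM.
        KeyStore trustStore = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            trustStore.load(in, password.toCharArray());
        }

        // Fail at startup if the store holds no trusted-certificate entries,
        // rather than discovering it on the first TLS handshake.
        boolean hasTrustedCert = false;
        for (String alias : Collections.list(trustStore.aliases())) {
            hasTrustedCert |= trustStore.isCertificateEntry(alias);
        }
        if (!hasTrustedCert) {
            throw new IllegalStateException("No trusted certificate entries in " + path);
        }

        // Only the certificates in this store are trusted; the JVM default CAs are not consulted.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SslContext sslContext = SslContextBuilder.forClient().trustManager(tmf).build();

        return httpClient -> httpClient.secure(spec -> spec.sslContext(sslContext));
    }
}
```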