spring-cloud-gateway

Allow customizing ClientHttpRequestFactory including using insecure trust manager

Open TimofejOv opened this issue 1 year ago • 3 comments

Hello.

I use the MVC Gateway version. I try to route to an HTTPS resource, but get an exception:

```
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```

With debug on error from javax.net.ssl is this one:

I want to skip this certificate validation, so I use in application.properties: spring.cloud.gateway.mvc.http-client.ssl.use-insecure-trust-manager=true

but no reaction from Gateway on this instruction.

Configuration of the route is:

```java
route("myRoute")
    .route(path("/my-partner/**"), https(URI.create("https://test-site/")))
    .build();
```

Is this instruction implemented, or am I missing something? If it is not implemented yet, can anyone suggest a workaround?

Thank you.

TimofejOv, Mar 18 '24 14:03

This is not implemented yet. The Gateway WebFlux Server, where you found that setting, uses reactor-netty as the only http client. The WebMVC version uses ssl bundles. I wonder if we can do it with ssl-bundles spring.cloud.gateway.mvc.http-client.ssl-bundle=<mybundle>

spencergibb, Mar 18 '24 16:03

Looks like that function is to be added in spring boot https://github.com/spring-projects/spring-boot/issues/38920

spencergibb, Mar 18 '24 16:03

> This is not implemented yet. The Gateway WebFlux Server, where you found that setting, uses reactor-netty as the only http client. The WebMVC version uses ssl bundles. I wonder if we can do it with ssl-bundles spring.cloud.gateway.mvc.http-client.ssl-bundle=<mybundle>

Yes, I've tried with SSL bundle and it worked for me.

TimofejOv, Apr 03 '24 15:04
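
The SSL-bundle approach discussed in this thread, sketched as an added example (not configuration posted by either participant or taken from the project). The bundle name `partner`, the file paths and the `PARTNER_TRUSTSTORE_PASSWORD` variable are assumptions; the `spring.ssl.bundle.*` keys are Spring Boot's SSL bundle properties.

```properties
# application.properties (added example; bundle name "partner" and all paths are assumptions)

# Setting from the question: it would disable certificate validation entirely,
# and per this thread the MVC gateway does not implement it.
# spring.cloud.gateway.mvc.http-client.ssl.use-insecure-trust-manager=true

# Option A: PEM trust material. The file holds the CA certificate (or the
# self-signed certificate) that the upstream presents, obtained out of band
# from the upstream's operator rather than copied from the failing handshake.
spring.ssl.bundle.pem.partner.truststore.certificate=classpath:certs/partner-ca.pem

# Option B: an existing keystore-format truststore instead of PEM
# (define the bundle name under one of the two options, not both).
# spring.ssl.bundle.jks.partner.truststore.location=classpath:certs/partner-truststore.p12
# spring.ssl.bundle.jks.partner.truststore.password=${PARTNER_TRUSTSTORE_PASSWORD}
# spring.ssl.bundle.jks.partner.truststore.type=PKCS12

# Point the MVC gateway's HTTP client at the bundle (the property named in the thread).
spring.cloud.gateway.mvc.http-client.ssl-bundle=partner
```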