examples: use test certs for running example-tls #5763
| switch (args.length) { | ||
| case 2: | ||
| client = new HelloWorldClientTls(args[0], Integer.parseInt(args[1]), | ||
| buildSslContext(null, null, null)); |
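Review bot: in `case 2:`, the call `buildSslContext(null, null, null)` passes three positional nulls and nothing in these lines says what each one stands for or which trust roots the client ends up with. A one-line comment above the call naming the three parameters and stating what all-null means would make the case self-explanatory. Separately, `Integer.parseInt(args[1])` throws NumberFormatException on a non-numeric port and no handling is visible here; consider catching it and printing the usage text.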
I think we still want this case. Using the default ca is good for tls.
This case will not work, with PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Btw, I updated the usage printout for client and trustCertCollectionFilePath is not optional.
@ejona86 I think that use case is for advanced users who are experienced with TLS. For first-time learners, they still couldn't run that use case successfully without extra guidance. For advanced users, they most likely would know how to use the default CA for their own project even if this example doesn't show that option. So adding this option only adds complexity and distracts first-time learners.
With the test server certificate it is a failure. But with a real server certificate, it would work. We want to encourage people to use the default ca when possible.
Ok, I put back the use case of using default CA and put a note on it.
e8388d4 to e64aa13
dapengzhang0 left a comment
LGTM, with minor comments.
The way of generating self-signed keys and certificates in the TLS example does not work, since the generated certificates do not contain Subject Alternative Names.
Generating self-signed certificates (which requires special config for subject alternative names) is quite involved and users may encounter problems doing that (#5737). For maintainability, we do not provide a separate set of certs here. We recommend that users use our test certs for running the TLS example.
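The missing-SAN condition described above can be checked directly with OpenSSL before a certificate is handed to the example. This is an added example, not part of the PR or of grpc-java; it assumes OpenSSL 1.1.1 or later, and the helper names (`make_cert`, `san_entries`, `check_cert`), host names and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from grpc-java). Assumes OpenSSL 1.1.1+ for -addext / -ext.
# Host names and file names below are constructed sample values.

# make_cert PREFIX CN [SAN]: write PREFIX.key / PREFIX.pem, a throwaway
# self-signed certificate; the SAN extension is added only when SAN is given.
make_cert() {
    if [ -n "${3:-}" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -addext "subjectAltName=$3" \
            -keyout "$1.key" -out "$1.pem" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -keyout "$1.key" -out "$1.pem" 2>/dev/null
    fi
}

# san_entries CERT: print one SAN entry per line (nothing if there is no SAN).
san_entries() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | awk 'seen { print } /Subject Alternative Name/ { seen = 1 }' \
        | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -v '^$'
}

# check_cert CERT HOST: print a verdict; status 0 only if HOST is a DNS SAN.
check_cert() {
    if san_entries "$1" | grep -qxF "DNS:$2"; then
        echo "ok: $2 is listed in subjectAltName"
    elif [ -n "$(san_entries "$1")" ]; then
        echo "mismatch: SAN present but does not list $2"; return 1
    else
        echo "missing: no subjectAltName, only the subject CN"; return 2
    fi
}

# demo: build a CN-only cert and a cert with SAN, then report on both.
demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir/cn-only" localhost
    make_cert "$dir/with-san" localhost "DNS:localhost,IP:127.0.0.1"
    for c in cn-only with-san; do
        printf '%s: %s\n' "$c" "$(check_cert "$dir/$c.pem" localhost)"
    done
    rm -rf "$dir"
}
demo
```

Both certificates carry the same subject CN; only the one created with `-addext` lists the host name in subjectAltName.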