Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Documenting Rest Client TLS Registry usage to disable SSL #45194

Merged
merged 1 commit into from
Dec 19, 2024
+23 −8
Merged

Documenting Rest Client TLS Registry usage to disable SSL #45194

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 23 additions & 8 deletions docs/src/main/asciidoc/rest-client.adoc
View file
Original file line number Diff line number Diff line change
@@ -492,18 +492,33 @@ quarkus.rest-client.extensions-api.scope=jakarta.inject.Singleton
Setting the base URL of the client is **mandatory**, however the REST Client supports per-invocation overrides of the base URL using the `@io.quarkus.rest.client.reactive.Url` annotation.
====

=== Disabling Hostname Verification
=== Trusting all certificates and Disabling SSL hostname verification

To disable the SSL hostname verification for a specific REST client, add the following property to your configuration:
[WARNING]
====
This properties set should not be used in production.
====

You can configure TLS connection of specific REST client to trust all certificates and disable the hostname verification using tls extension.
First of all, you should configure tls configuration bucket.

To trust all certificates:
[source,properties]
----
quarkus.rest-client.extensions-api.verify-host=false
quarkus.tls.tls-disabled.trust-all=true
----

To disable SSL hostname verification:
[source,properties]
----
quarkus.tls.tls-disabled.hostname-verification-algorithm=NONE
----

Finally, lets configure our REST client with apropriate tls configuration name:
[source,properties]
----
quarkus.rest-client.extensions-api.tls-configuration-name=tls-disabled
----
[WARNING]
====
This setting should not be used in production as it will disable the SSL hostname verification.
====

=== HTTP/2 Support

@@ -2086,7 +2101,7 @@ and limitations:

- the default scope of the client for the new extension is `@ApplicationScoped` while the `quarkus-resteasy-client` defaults to `@Dependent`
To change this behavior, set the `quarkus.rest-client.scope` property to the fully qualified scope name.
- it is not possible to set `HostnameVerifier` or `SSLContext`
- it is not possible to set `SSLContext`
- a few things that don't make sense for a non-blocking implementations, such as setting the `ExecutorService`, don't work

== Further reading