CXF-8253

Provide a way to disable TLS trust verification for the OSGi HttpConduitConfigApplier


Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.3.7, 3.4.0

    Description

      When configuring TLS using properties in an OSGi container via HttpConduitConfigApplier, there is no easy way to disable TLS trust verification (for testing). For Spring + Blueprint it's easy enough to configure an insecure Trust Manager implementation, for example:

       

      <bean id="trustManagers" class="org.apache.cxf.transport.https.InsecureTrustManager" factory-method="getNoOpX509TrustManagers"/>
      
      <http:conduit name="https://localhost:.*">
          <http:tlsClientParameters disableCNCheck="true">
              <sec:trustManagers ref="trustManagers" />
          </http:tlsClientParameters>
      </http:conduit>
      

      This task is to add a new configuration property called "trustManagers.disableTrustVerification", which if set to "true" will call InsecureTrustManager.getNoOpX509TrustManagers under the hood, to disable TLS trust verification.

      Obviously this is insecure and should only be used for testing! InsecureTrustManager prints a LOG along these lines at warning level.
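Because both the XML form and the new property are meant for testing only, a deployment check can flag them before a configuration ships. The script below is an added example, not code from CXF or from this issue: it scans Spring/Blueprint XML for InsecureTrustManager beans and disableCNCheck="true", and key=value configuration text for the property named above. The "tlsClientParameters." key prefix in the sample and the key=value file layout are assumptions, so the property is matched by suffix.

```python
import re
import xml.etree.ElementTree as ET

INSECURE_CLASS = "org.apache.cxf.transport.https.InsecureTrustManager"
PROP_SUFFIX = "trustManagers.disableTrustVerification"  # name from this issue

# Constructed sample; the "tlsClientParameters." prefix is an assumption.
SAMPLE_CFG = """url = https://localhost:.*
tlsClientParameters.trustManagers.disableTrustVerification = true
"""
# The Spring/Blueprint fragment quoted in the issue description.
SAMPLE_XML = """<bean id="trustManagers" class="org.apache.cxf.transport.https.InsecureTrustManager" factory-method="getNoOpX509TrustManagers"/>
<http:conduit name="https://localhost:.*">
  <http:tlsClientParameters disableCNCheck="true">
    <sec:trustManagers ref="trustManagers" />
  </http:tlsClientParameters>
</http:conduit>"""

def audit_properties(text):
    """Return (line number, message) for keys that disable trust verification."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep and key.strip().endswith(PROP_SUFFIX) and value.strip().lower() == "true":
            findings.append((n, "trust verification disabled: " + key.strip()))
    return findings

def audit_xml(text):
    """Return (element, message) for insecure TLS settings in Spring/Blueprint XML."""
    text = re.sub(r"<\?xml[^>]*\?>", "", text)     # drop declaration so wrapping works
    text = re.sub(r"<(/?)[\w.-]+:", r"<\1", text)  # fragments use undeclared prefixes
    root = ET.fromstring("<root>" + text + "</root>")
    findings = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]            # ignore any default namespace
        if el.get("class") == INSECURE_CLASS:
            findings.append((tag, "InsecureTrustManager bean: " + el.get("id", "?")))
        if el.get("disableCNCheck", "").lower() == "true":
            findings.append((tag, "hostname (CN) check disabled"))
    return findings

if __name__ == "__main__":
    for finding in audit_properties(SAMPLE_CFG) + audit_xml(SAMPLE_XML):
        print(finding)
```
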

       


          People

            coheigea Colm O hEigeartaigh