-
Notifications
You must be signed in to change notification settings - Fork 450
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Breaking change in 0.15.1 regarding ApnsClient, ApnsClientBuilder #951
Comments
Sorry to hear that this has been a problem for you. Slipping in a breaking change was a mistake, and was not intentional; I should have caught it before shipping. That said, I'm hesitant to make |
So far, we were able to extend the ApnsClient to modify its behaviour. Now that the constructor only accepts a package-private ApnsClientConfiguration instance, it's no longer the case. We have IT security policies where some cipher suites are stongly recommended for example. Regarding the dynamic trust manager, we can update trusted certificates for all our services from a central service, so for us, statically adding trusted certificates is not enough. What we have acutally done is that we extended the ApnsClientBuilder to add the capability to configure a trust manager directly and then we simply modified the build() method to take this into account when constructing the SSLContext.
Letting users set their own trust manager would equally solve this for us.
|
Okay; thanks for the added context. Let me think on this a bit. I think this is fundamentally incompatible with some of what we're trying to do to get multi-credential clients in play, but maybe not. I hesitate to expose Like I said, though: let me think about it and see what I can come up with. |
We do have a magic TrustManager, which actually reloads trusted certificates from a central service, creating an in-memory KeyStore from them and instantiating a matching TrustManager every time there is a change. Here's a generic example:
|
Hi,
We tried upgrading from 0.15.0 to 0.15.1 and we are observing a breaking change in the API of the ApnsClientBuilder / ApnsClient.
We extended these classes to be able to configure our own SSLContext, which is allowing us to use a dynamic trust manager or the cipher suites of our own choice.
In 0.15.1, the way to pass an SSLContext to the ApnsClient is via the new ApnsClientConfiguration which is package-private.
Would it be possible to make ApnsClientConfiguration public instead so that our code can keep working?
Thanks.
The text was updated successfully, but these errors were encountered: