Merge pull request quarkusio#45194 from lasteris/QKS-45193

Documenting Rest Client TLS Registry usage to disable SSL
sberyozkin · Dec 19, 2024 · 084fa99 · 084fa99
2 parents 55f2a7b + b8f570c
commit 084fa99
Showing 1 changed file with 23 additions and 8 deletions.
diff --git a/docs/src/main/asciidoc/rest-client.adoc b/docs/src/main/asciidoc/rest-client.adoc
@@ -492,18 +492,33 @@ quarkus.rest-client.extensions-api.scope=jakarta.inject.Singleton
 Setting the base URL of the client is **mandatory**, however the REST Client supports per-invocation overrides of the base URL using the `@io.quarkus.rest.client.reactive.Url` annotation.
 ====
 
-=== Disabling Hostname Verification
+=== Trusting all certificates and Disabling SSL hostname verification
 
-To disable the SSL hostname verification for a specific REST client, add the following property to your configuration:
+[WARNING]
+====
+This properties set should not be used in production.
+====
+
+You can configure TLS connection of specific REST client to trust all certificates and disable the hostname verification using tls extension.
+First of all, you should configure tls configuration bucket.
 
+To trust all certificates:
 [source,properties]
 ----
-quarkus.rest-client.extensions-api.verify-host=false
+quarkus.tls.tls-disabled.trust-all=true
+----
+
+To disable SSL hostname verification:
+[source,properties]
+----
+quarkus.tls.tls-disabled.hostname-verification-algorithm=NONE
+----
+
+Finally, lets configure our REST client with apropriate tls configuration name:
+[source,properties]
+----
+quarkus.rest-client.extensions-api.tls-configuration-name=tls-disabled
 ----
-[WARNING]
-====
-This setting should not be used in production as it will disable the SSL hostname verification.
-====
 
 === HTTP/2 Support
 
@@ -2086,7 +2101,7 @@ and limitations:
 
 - the default scope of the client for the new extension is `@ApplicationScoped` while the `quarkus-resteasy-client` defaults to `@Dependent`
 To change this behavior, set the `quarkus.rest-client.scope` property to the fully qualified scope name.
-- it is not possible to set `HostnameVerifier` or `SSLContext`
+- it is not possible to set `SSLContext`
 - a few things that don't make sense for a non-blocking implementations, such as setting the `ExecutorService`, don't work
 
 == Further reading