Public certificates should not have to be supplied as they should be picked up from the jvm

[davidradl]

During #91 I was testing against a rest end point. The rest call was successful if issued with curl, but failed the ssl handshake in this connector. The reason it fails is

flink-http-connector/src/main/java/com/getindata/connectors/http/internal/security/SecurityContext.java

Line 68 in 05d3b47

KeyStore keystore = KeyStore.getInstance(JKS_STORE_TYPE);

. When no certs are supplied it creates a strange SSLContext.

If we do not supply an SSLContext on this line then the public certs are picked up.

I suggest we either change the default behaviour in the absence of supplied certs to not supply an SSLContext or if there is some reason to have this SSLContext then introduce a flag use_public_certs to toggle this behaviour.

[kristoffSC]

Hi yeah, that is a good finding.
The reason why the SSL context is created regardless whether custom certs are defined or not was -> to make code simpler I guess, where "simpler" is probably subjective :)

We can:

1. not to create SSL context if custom cert is not defined
2. create it always but use Java's default, build in key store.

I personally would try with option 2, but Im ok with option 1 also.

[davidradl]

@kristoffSC Links to pr that will close this issue #128