axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Nicholson <rob...@elastica.com>
Subject Correct way to disable hostname verification in Axis 1.1 and JSSE 1.0.3?
Date Sun, 20 Feb 2005 17:56:34 GMT
Hi,

 From what I can see you've got two approaches but basically it looks 
like you want to avoid the hostname verifier that exists by default in 
the JSSE 1.0.3 library that simply returns false. It is not exactly 
clear to me how this is done short of using...

HttpsUrlConnection.setDefaultHostNameVerifier or AxisProperties and 
SunFakeTrustSocketFactory

It's not clear to me the relationship b/w these two approaches since I 
know that I need to avoid the JSSE throwing

throw new IOException("HTTPS hostname wrong:  should be <" + 
super.url.getHost() + ">, but cert says <" + s + ">");

via HttpsClient

..

Since we are only interested in encryption and not client 
authentication I don't think it is necessary to have a client side 
keystore. Currently my client program simply points to the truststore 
of the server.

In Axis, a socketfactory seems to be returned by a 
SocketFactoryFactory... which relys on a AxisProperties

What I don't understand is short of telling HttpsUrlConnection's 
defaulthostnameverifier to be anything other than the inner class 
HostnameVerifier which returns false how can Axis prevent the JSSE from 
executing this method and consequently having hostname verification 
fail.


Mime
View raw message