cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: [C3] How to/where to disable certificate check accessing HTTPS
Date Fri, 10 Sep 2010 18:17:10 GMT
Hash: SHA1


On 9/10/2010 4:05 AM, Andrei Lunjov wrote:
> Hi Jos,
> I just try to do:
> <map:generate src="https://asite.with.invalid.cert/some/resource"/>
> And if I remember
> right throws an exception.
> Cert is invalid, so adding it trust store is questionable.
> I'd like to ignore the cert check at all, something like this:
> And it's a big question for me what would be a best way add this
> modification, preferably so I can switch cert check on and off for
> different resources.

The code below will disable SSL checking for /all/ resources, and can
easily be put into a ServletContextListener in order to modify the SSL
cert checking behavior for a webapp at startup (that is, it's relatively
easy to just slap this into an existing Cocoon installation).

    public static void disableSSLCertificateChecking()
        throws NoSuchAlgorithmException, KeyManagementException
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                public void checkClientTrusted(X509Certificate[] certs,
                                               String authType) {
                public void checkServerTrusted(X509Certificate[] certs,
                                               String authType) {

        SSLContext sc = SSLContext.getInstance("SSL");

        sc.init(null, trustAllCerts, new;


As I mentioned, this won't help with the resource-specific connections.

The code above could be adapted to work inside a generator in order to
exempt that single resource from SSL certificate checking. Maybe I'll
take a look at the Cocoon code and propose a patch if it's useful.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message