hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject RE: WebSphere 5.1/HTTPS issue
Date Thu, 25 Aug 2005 18:12:02 GMT
Kumar,

Here's my theory. I think previously the Websphere 5.0 server used so
called self-signed certificate, which EasyProtocolSocketFactory is meant
to trust without verification. Now the Websphere 5.1 server is using a
certificate signed by a certificate authority not trusted by the
standard TrustManager. EasyProtocolSocketFactory delegates verification
of non-self-signed certificates to the standard TrustManager, hence
"unknown certificate" exception.

See the HttpClient SSL guide for details [1]. You may especially want to
take a look at the AuthSSLProtocolSocketFactory and use it (or derive
your own implementation from it) to configure the SSL context the way
you want

Oleg
[1] http://jakarta.apache.org/commons/httpclient/sslguide.html


On Thu, 2005-08-25 at 10:57 -0700, KOTA, KUMAR (SBCSI) wrote:
> Hi Oleg,
> 
>    Yes that is right, I have a class that implements the
> SecureProtocolSocketFactory, and in turn I set that class as te protocol
> for https calls.
> 
> Kumar Kota
> SBC Information Technology
> kk9142@sbc.com
> (925) 901-6898
> 
> 
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org] 
> Sent: Thursday, August 25, 2005 10:51 AM
> To: HttpClient Project
> Subject: Re: WebSphere 5.1/HTTPS issue
> 
> 
> Kumar,
> 
> You are using the EasyProtocolSocketFactory or some code of your own
> derived from it?
> 
> Oleg
> 
> 
> On Thu, 2005-08-25 at 10:03 -0700, KOTA, KUMAR (SBCSI) wrote:
> > Hi All,
> > 
> >     HTTPS calls using WebSphere Application server 5.0 was working
> with
> > HTTPClient.  However, once we migrated to WebSphere Application Server
> > 5.1, we keep receiving "SSLException: unknown certificate" error for
> > HTTPS calls.  I was wondering if this is a known issue of some sort?
> > And if there are any fixes available for this?
> > 
> > Thank you,
> > Kumar Kota
> > 
> > 
> > 
> > -----Original Message-----
> > From: Eric Johnson [mailto:eric@tibco.com] 
> > Sent: Thursday, August 25, 2005 9:56 AM
> > To: HttpClient Project
> > Subject: Re: Important things to discuss. Please make your opinion
> known
> > 
> > 
> > Oleg Kalnichevski wrote:
> > 
> > >Folks,
> > >
> > >There are three issues that I think we need to discuss:
> > >
> > >(1) I inquired with the Jakarta PMC regarding the possibility of the
> > project name change (Jakarta HttpClient -> Jakarta Http). The reaction
> > was overwhelming negative, primarily due to high likelihood of
> branding
> > conflict with Apache HTTPD, which is a very valid point. We have
> several
> > options here: 
> > >
> > >(1.1) leave Jakarta and join another TLP (either Apache Tomcat or
> > Apache HTTPD) where _might_ be permitted to call the project jHTTP or
> > some such sort
> > >(1.2) stay with Jakarta and try to come up with a radically different
> > project name
> > >  
> > >
> > I like Roland's suggestion of HTTP Agent (or is that HttpAgent?).  I 
> > like Haiku as well, although that isn't self-explanatory, so it would
> be
> > 
> > my second choice.  I'm not coming up with any better altenatives.
> > 
> > >(1.3) essentially do nothing and keep the same name. In this case we
> > are likely to not be permitted to release any lightweight HTTP server
> or
> > proxy under Jakarta name
> > >
> > >(2) Migration to JIRA. This finally can happen and happen very soon.
> > The question is if we still want it. If yes, might have to decide on
> the
> > project name before the migration takes place
> > >  
> > >
> > Since it appears that Bugzilla has finally gotten some attention and 
> > badly needed upgrades, and HttpClient (or whatever we call it) is 
> > finally a top-level project in Bugzilla, it seems like switching now 
> > would provide minimal benefits, and might cause a major hassle.  All
> the
> > 
> > email archives that currently refer to bugzilla bugs with URLs would
> be 
> > broken, for example.
> > 
> > >(3) 3.0 release. 3.0rc3 have not had any major bugs reported for
> quite
> > some time. Do we want to release another RC4 before the final release
> or
> > not?
> > >
> > >  
> > >
> > I suggest doing an RC4, waiting a few weeks (or just two), and then 
> > declare it final, assuming no bugs arise.
> > 
> > >Please let me know what you think. Everyone is very welcome to throw
> in
> > their ideas
> > >  
> > >
> > Consider them thrown!
> > 
> > -Eric.
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> > 
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message