Mailing-List: contact httpclient-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "HttpClient Project" <httpclient-dev@jakarta.apache.org>
Received-SPF: pass (asf.osuosl.org: local policy)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=Nc8rcCZnsEl37s4F1RsTqxV1+vZeZ8wLruWDDDpO3GJHMrGQRkBZ77Ku9nEvt4xX0+T3XW7hH8cOr8fI60Po93T5vFYHeIO9b9c0S2Aa//O+CTQ5kH5MLtZDlKjFTf3y1UE2U0gkP/GPUo7AVrlOXcannQMF2StxLSPALw1Liw4=
  ;
Message-ID: <20060705112915.80710.qmail@web34311.mail.mud.yahoo.com>
Date: Wed, 5 Jul 2006 04:29:15 -0700 (PDT)
From: Dhanasekaran Vivekanandhan <mail2sek@yahoo.com>
Subject: Re: connecting to htttps site failed if certificate is expired
To: HttpClient Project <httpclient-dev@jakarta.apache.org>
In-Reply-To: <44AB6CA4.2080503@odi.ch>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Dear Ortwin,
thanks for the reply.
I am done with using 
1.EasySSLProtocolSocketFactory
(http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java?view=markup)
2.EasyX509TrustManager.java
(http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java)
In the checkServerTrusted method of
EasyX509TrustManager.java , I am calling
standardTrustManager.checkServerTrusted() method only
if the expiry date is less than sysdate.
if the certificate is expired , i wont call this
method.this solves my issue that if the certificate is
expired ,it will not throw
sun.security.validator.ValidatorException:
thanks Ortwin once again for ur immediate reply.
dhanasekaran
--- Ortwin Gl�ck <odi@odi.ch> wrote:

> Hi,
> 
> This is an issue of your JSSE implementation (the
> one by Sun) and not
> HttpClient. Thus we can only offer limited support.
> 
> I guess you need to implement a suitable
> TrustManager that allows for
> this case. You may want to have a look at the
> contrib code:
>
http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
> Maybe there is also a config option to achieve this.
> I don't know.
> 
> Cheers
> 
> Ortwin
> 
> Dhanasekaran Vivekanandhan wrote:
> > Hi All,
> > I am using HttpClient and GetMethod classes to
> connect
> > to a https site,but the certificate provided by
> the
> > site is expired.so I am getting the following
> > exception.Is there a way to connect to https site
> even
> > if the certificate provided by the site is expired
> > Exception:
> > ---------
> > ": sun.security.validator.ValidatorException: PKIX
> > path building failed:
> >
>
sun.security.provider.certpath.SunCertPathBuilderException:
> > unable to find valid certification path to
> requested target"
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> > http://mail.yahoo.com 
> > 
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> > 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org