hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Partha Venkatavaradhan (pavenkat)" <paven...@cisco.com>
Subject RE: Certificate Validation
Date Tue, 18 Nov 2008 09:50:12 GMT
Thanks Ortwin !

That worked

Partha

-----Original Message-----
From: Ortwin Gl├╝ck [mailto:odi@odi.ch] 
Sent: Tuesday, November 18, 2008 1:34 AM
To: HttpComponents Project
Subject: Re: Certificate Validation

Hi Partha,

Please have a look at
http://hc.apache.org/httpclient-3.x/sslguide.html
and especially then
StrictSSLProtocolSocketFactory which is referenced there.

Cheers,

Ortwin

Partha Venkatavaradhan (pavenkat) wrote:
> Hi,
> 
>  
> 
> I am running a tomcat server that has  a valid certificate from Thwate.
> In my HTTP client code I am letting the library handle the SSL
> validation and I am not using any custom trust validation.  Now,
> everything works fine but the problem is precisely this.  It works fine
> even when if I specify the IP address of the server in the URL.  Since
> the certificate is signed against my server's domain name, if I access
> the URL with IP address I expect the library to throw exception as the
> domain names doesn't match.  This is what precisely happens when I try
> to access the server from a browser by typing the server's IP address
> instead of the domain name.  I get a warning message stating that the
> domain name and the URL that I entered doesn't match.
> 
>  
> 
> Is there any way I let the library explicitly validate the domain name
> and throw me an exception in case it detects a mismatch?
> 
>  
> 
> Thanks,
> 
> Partha
> 
> 

-- 
[web]  http://www.odi.ch/
[blog] http://www.odi.ch/weblog/
[pgp]  key 0x81CF3416
       finger print F2B1 B21F F056 D53E 5D79 A5AF 02BE 70F5 81CF 3416

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message