hc-dev mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Certificate Validation
Date Sun, 07 Dec 2008 15:31:50 GMT
Partha Venkatavaradhan (pavenkat) wrote:
> Is it mandatory that I call Protocol.registerProtocol()?

No, it is not.


> Because I have the following lines in my code:
> 			Protocol https = new Protocol("https", new StrictSSLProtocolSocketFactory(),  port);
> 			//Protocol.registerProtocol("https", https);
> 			client.getHostConfiguration().setHost(url.getHost(), url.getPort(), https);
> 
> The above code on Windows doesn't perform the hostname verification.  Only if I uncomment
> the call to registerProtocol, the hostname verification is called.  But on my target Linux
> (IBM JRE), this call to registerProtocol results in a 'Peer not verified' exception.
> 

When using a custom HostConfiguration, make sure to use relative request URIs.

Oleg


> Thanks in advance,
> Partha
> 
> -----Original Message-----
> From: Partha Venkatavaradhan (pavenkat) 
> Sent: Wednesday, November 26, 2008 12:02 PM
> To: HttpComponents Project
> Subject: RE: Certificate Validation
> 
> Hi,
> 
> Looks like after I included the StrictSSLProtocolSocketFactory, now even a valid certificate
> like Thawte is declared as 'Peer not verified'.  This however works on a Windows machine.
> I am testing it on a Java ME edition and there it fails.  Any clues?
> 
> Thanks,
> Partha
> 
> 
> -----Original Message-----
> From: Ortwin Glück [mailto:odi@odi.ch]
> Sent: Tuesday, November 18, 2008 1:34 AM
> To: HttpComponents Project
> Subject: Re: Certificate Validation
> 
> Hi Partha,
> 
> Please have a look at
> http://hc.apache.org/httpclient-3.x/sslguide.html
> and especially then
> StrictSSLProtocolSocketFactory which is referenced there.
> 
> Cheers,
> 
> Ortwin
> 
> Partha Venkatavaradhan (pavenkat) wrote:
>> Hi,
>>
>>  
>>
>> I am running a tomcat server that has a valid certificate from Thawte.
>> In my HTTP client code I am letting the library handle the SSL
>> validation and I am not using any custom trust validation.  Now,
>> everything works fine but the problem is precisely this.  It works fine
>> even if I specify the IP address of the server in the URL.  Since
>> the certificate is signed against my server's domain name, if I access
>> the URL with IP address I expect the library to throw an exception as the
>> domain names don't match.  This is precisely what happens when I try
>> to access the server from a browser by typing the server's IP address
>> instead of the domain name.  I get a warning message stating that the
>> domain name and the URL that I entered don't match.
>>
>>  
>>
>> Is there any way I can let the library explicitly validate the domain name
>> and throw me an exception in case it detects a mismatch?
>>
>>  
>>
>> Thanks,
>>
>> Partha
>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
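
Added example, not part of the original thread or of the HttpClient project's code: one way to combine the unregistered strict Protocol from the quoted snippet with a relative request URI on HttpClient 3.x. The class name StrictHttpsGet and its fetch method are hypothetical, and the contrib StrictSSLProtocolSocketFactory class is assumed to be on the classpath.

```java
import java.net.URL;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;

// Hypothetical helper class, written for this example only.
public class StrictHttpsGet {

    public static int fetch(URL url) throws Exception {
        int port = url.getPort() != -1 ? url.getPort() : 443;

        // Strict factory bound to this client only; nothing is registered globally.
        Protocol https = new Protocol("https",
                (ProtocolSocketFactory) new StrictSSLProtocolSocketFactory(), port);

        HttpClient client = new HttpClient();
        client.getHostConfiguration().setHost(url.getHost(), port, https);

        // Relative request URI: the connection is opened through the Protocol
        // set on the HostConfiguration above, so the strict factory is used.
        // new GetMethod(url.toString()) would be an absolute URI; HttpClient 3.x
        // then resolves "https" from the Protocol registry instead, and the
        // strict factory is skipped unless it was registered there.
        String path = url.getFile().length() == 0 ? "/" : url.getFile();
        GetMethod get = new GetMethod(path);
        try {
            // A certificate or hostname failure is raised as an exception here.
            return client.executeMethod(get);
        } finally {
            get.releaseConnection();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: pass the URL to test as the first argument.
        System.out.println(fetch(new URL(args[0])));
    }
}
```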

