hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: an extension suggestion... allow ssl with untrusted certs...
Date Thu, 28 Oct 2004 18:48:52 GMT
Mike,

Have you tried using EasySSLProtocolSocketFactory or 
AuthSSLProtocolSocketFactory socket factories?

http://cvs.apache.org/viewcvs.cgi/jakarta-commons/httpclient/src/contrib/org/apache/commons/httpclient/contrib/ssl/?only_with_tag=HTTPCLIENT_2_0_BRANCH

For details on customizing SSL in HttpClient see

http://jakarta.apache.org/commons/httpclient/sslguide.html

Hope this helps

Oleg

On Thu, 2004-10-28 at 20:33, Mike Y wrote:
> Or is there another way to do this?
> 
> I have a test machine and my cert isn't 100% kosher,
> so attempting SSL fails with an "untrusted server cert
> chain" message.  I have now carefully read the
> HttpClient and HostConfiguration class docs, and can't
> find any way around this.  I think there should be a
> method -- or methods -- in HttpClient like:
> 
> setAllowUntrustedCertChain(boolean);
> setAllowInvalidCertDate(boolean);
> setAllowInvalidCertServerNameMatch(boolean);
> 
> The three things that are typically checked.
> 
> After all, in theory I could custom generate and sign
> my own certs without compromising security; and as
> long as I trust the certs I am using, why should
> HttpClient necessarily care?  The default behavior
> could be that all those three things are expected to
> be valid, but for the developer who knows what he is
> doing, why not make it a possibility to do otherwise?
> 
> Just an idea.  Sorry for not posting this on the dev
> list.  I thought someone might have another workaround
> for me here, which is what I'm really after.  
> 
> You folks have been kind and great.  
> 
> Thanks,
> Michael
> 
> 
> 
> 
> 		
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail Address AutoComplete - You start. We finish.
> http://promotions.yahoo.com/new_mail
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message