hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Y <kemal...@yahoo.com>
Subject an extension suggestion... allow ssl with untrusted certs...
Date Thu, 28 Oct 2004 18:33:11 GMT
Or is there another way to do this?

I have a test machine and my cert isn't 100% kosher,
so attempting SSL fails with an "untrusted server cert
chain" message.  I have now carefully read the
HttpClient and HostConfiguration class docs, and can't
find any way around this.  I think there should be a
method -- or methods -- in HttpClient like:

setAllowUntrustedCertChain(boolean);
setAllowInvalidCertDate(boolean);
setAllowInvalidCertServerNameMatch(boolean);

The three things that are typically checked.

After all, in theory I could custom generate and sign
my own certs without compromising security; and as
long as I trust the certs I am using, why should
HttpClient necessarily care?  The default behavior
could be that all those three things are expected to
be valid, but for the developer who knows what he is
doing, why not make it a possibility to do otherwise?

Just an idea.  Sorry for not posting this on the dev
list.  I thought someone might have another workaround
for me here, which is what I'm really after.  

You folks have been kind and great.  

Thanks,
Michael




		
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message