hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Y <kemal...@yahoo.com>
Subject Re: an extension suggestion... allow ssl with untrusted certs...
Date Thu, 28 Oct 2004 18:44:45 GMT
Of course, I don't necessarily mean to claim that I'm
a "developer who knows what he is doing".

For what it's worth.
--- Mike Y <kemal543@yahoo.com> wrote:

> Or is there another way to do this?
> 
> I have a test machine and my cert isn't 100% kosher,
> so attempting SSL fails with an "untrusted server
> cert
> chain" message.  I have now carefully read the
> HttpClient and HostConfiguration class docs, and
> can't
> find any way around this.  I think there should be a
> method -- or methods -- in HttpClient like:
> 
> setAllowUntrustedCertChain(boolean);
> setAllowInvalidCertDate(boolean);
> setAllowInvalidCertServerNameMatch(boolean);
> 
> The three things that are typically checked.
> 
> After all, in theory I could custom generate and
> sign
> my own certs without compromising security; and as
> long as I trust the certs I am using, why should
> HttpClient necessarily care?  The default behavior
> could be that all those three things are expected to
> be valid, but for the developer who knows what he is
> doing, why not make it a possibility to do
> otherwise?
> 
> Just an idea.  Sorry for not posting this on the dev
> list.  I thought someone might have another
> workaround
> for me here, which is what I'm really after.  
> 
> You folks have been kind and great.  
> 
> Thanks,
> Michael
> 
> 
> 
> 
> 		
>


		
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message