hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Weber <ossf...@dubioso.net>
Subject Re: SSL Problems with HttpClient
Date Sun, 03 Jun 2007 10:08:03 GMT
Hello Thomas,

thanks for sharing this information.

> But in the code there is (EasyX509TrustManager.java):
> 
> if ((certificates != null) && (certificates.length == 1)) {
>  certificates[0].checkValidity();
> } else {
>  standardTrustManager.checkServerTrusted(certificates,authType);
> }
> 
> If you self-sign the certificate this is ok, but if you use certificates
> from e.g. cacert.org you'll still get errors because there are 2
> certificates to validate

The EasyX509TrustManager is specifically meant to be used in
test and development environments, that is with self-signed
toy certificates. If you have real certificates, you should
use a real trust manager instead of EasyXTM. Take a look at
AuthSSLX509TrustManager, it does loop over certificates:

http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java?view=markup


cheers,
  Roland

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message