hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Contay <con...@gmail.com>
Subject Re: SSL Problems with HttpClient
Date Sun, 03 Jun 2007 18:59:02 GMT
was this message mean for someone else?

On 6/3/07, Roland Weber <ossfwot@dubioso.net> wrote:
>
> Hello Thomas,
>
> thanks for sharing this information.
>
> > But in the code there is (EasyX509TrustManager.java):
> >
> > if ((certificates != null) && (certificates.length == 1)) {
> >  certificates[0].checkValidity();
> > } else {
> >  standardTrustManager.checkServerTrusted(certificates,authType);
> > }
> >
> > If you self-sign the certificate this is ok, but if you use certificates
> > from e.g. cacert.org you'll still get errors because there are 2
> > certificates to validate
>
> The EasyX509TrustManager is specifically meant to be used in
> test and development environments, that is with self-signed
> toy certificates. If you have real certificates, you should
> use a real trust manager instead of EasyXTM. Take a look at
> AuthSSLX509TrustManager, it does loop over certificates:
>
>
> http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java?view=markup
>
>
> cheers,
> Roland
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message