hc-httpclient-users mailing list archives

From Raul Acevedo <r...@cantara.com>
Subject Re: how to do client authentication
Date Thu, 29 Nov 2007 17:47:12 GMT
I don't want to omit keystore and truststore; I'm doing bidirectional  
(client and server) SSL authentication, that's the whole point.

Do you know why I get the SocketException?  In general, has anyone  
successfully done both client and server SSL authentication with  
HttpClient without using the javax.net.ssl.keyStore and trustStore  
properties?

Raul

On Nov 29, 2007, at 3:19 AM, Oleg Kalnichevski wrote:

>
> On Wed, 2007-11-28 at 20:08 -0800, Raul Acevedo wrote:
>> Is there a way to do client authentication with HttpClient without
>> setting javax.net.ssl.keyStore?
>>
>> I tried the following code after building the contrib files:
>>
>>     HttpClient httpClient = new HttpClient();
>>     URL keyStoreURL = new URL("file:/home/raul/keyStore.jks");
>>     URL trustStoreURL = new URL("file:/home/raul/trustStore.jks");
>>     AuthSSLProtocolSocketFactory socketFactory =
>>         new AuthSSLProtocolSocketFactory(
>>                 keyStoreURL, "keyStorePassword", trustStoreURL, "trustStorePassword");
>>     Protocol httpsProtocol = new Protocol(url.getProtocol(), socketFactory, url.getPort());
>>     httpClient.getHostConfiguration().setHost(url.getHost(), url.getPort(), httpsProtocol);
>>
>> But this fails with:
>>
>>     java.net.SocketException: Default SSL context init failed: null
>>
>> Thanks,
>>
>> Raul Acevedo
>> http://www.cantara.com
>>
>
> Paul,
>
> (1) Keystore is optional. You can safely omit it.
> (2) Implement a custom trust manager that trusts anything. This way you
> will not need a truststore.
> (3) Implement your own protocol socket factory that initializes the SSL
> context with your own trust-anything trust manager. You can use
> EasySSLProtocolSocketFactory as a starting point.
>
> Hope this helps,
>
> Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
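
Added example, not part of the original thread and not HttpClient's own or contrib code: one way to get bidirectional SSL authentication without the javax.net.ssl.keyStore and trustStore system properties is to build the SSLContext explicitly from both stores with plain JSSE, keeping server certificate validation against the truststore. The class name `MutualTlsContext` and its methods are hypothetical, and the sketch assumes JKS stores whose key password equals the store password; a custom protocol socket factory would hand out sockets from `ctx.getSocketFactory()`.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsContext { // hypothetical name, for illustration only

    // Load a JKS store from disk with the given password.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // Build a context that presents the client key from keyStore and accepts
    // only server chains that validate against trustStore.
    static SSLContext build(KeyStore keyStore, char[] keyPassword, KeyStore trustStore)
            throws Exception {
        // Fail fast: a store holding only certificates cannot authenticate the client.
        boolean hasKey = false;
        for (String alias : Collections.list(keyStore.aliases())) {
            hasKey |= keyStore.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new IllegalStateException("keystore has no private key entry");
        }
        // Fail fast: an empty truststore would reject every server at handshake time.
        if (trustStore.size() == 0) {
            throw new IllegalStateException("truststore has no entries");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword); // assumption: key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Arguments: <keystore> <keystore password> <truststore> <truststore password>
    public static void main(String[] args) throws Exception {
        KeyStore keys = load(args[0], args[1].toCharArray());
        KeyStore trust = load(args[2], args[3].toCharArray());
        SSLContext ctx = build(keys, args[1].toCharArray(), trust);
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
    }
}
```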

