hc-httpclient-users mailing list archives

From "micky" <micky_...@cyberpowersystems.com.tw>
Subject Can I create SSLSocketFactory without KeyStore?
Date Fri, 07 Mar 2008 06:46:30 GMT
Dear all,

I want to use https connection to communicate between my own application's
server and client.

I just want the connection channel to be secure.
So I think I don't need to check anything, and can just allow the HTTPS connection.

I created a HostnameVerifier which lets every check pass, as in the following code.

// Requires: import javax.net.ssl.*;
private HostnameVerifier initSSL() {

    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[]{
        new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) { }
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) { }
            public boolean isServerTrusted(
                    java.security.cert.X509Certificate[] certs) { return true; }
            public boolean isClientTrusted(
                    java.security.cert.X509Certificate[] certs) { return true; }
        }
    };

    // Install the all-trusting trust manager
    try {
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
    } catch (Exception e) {
    }

    // Hostname verifier that accepts every host name
    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) { return true; }
    };
    return hv;
}

So that I don't need to load a ".keystore" file within my application.
I used it (hv) with HttpsURLConnection and it worked well.

When I use HttpClient-4.0-Alpha3, the SSLSocketFactory needs a KeyStore to
And even if I use AllowAllHostnameVerifier, it will still check and fail on the
HTTPS connection.

KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());

// I don't want the following code to load a ".keystore" file.
// FileInputStream instream = new FileInputStream(new File(".keystore")); 
// try {
//    trustStore.load(instream, "changeit".toCharArray());
// } finally {
//    instream.close();
// }

SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);

AllowAllHostnameVerifier hostnameVerifier = new AllowAllHostnameVerifier();

Can I create SSLSocketFactory without KeyStore?

Can I use the "check nothing HostnameVerifier" in HttpClient 4.0-Alpha3?

Any suggestion is appreciated.