hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From George Ludwig <sfmission...@yahoo.com>
Subject RE: getting httpclient to trust all certs for ssl?
Date Tue, 08 Apr 2008 20:53:32 GMT
Crap, my fat fingered typing prematurely sent the
response.

Execute this at any time before the SSL session:

public static void trustAllCerts() throws Exception {
   ProtocolSocketFactory sf=new   
      EasySSLProtocolSocketFactory();
   Protocol p = new Protocol("https", sf, 443);
   Protocol.registerProtocol("https", p);
}

As a side comment, is there any reason why the
contribs area is not included by default in the
httpclient binary distribution? It just complicates my
project management, seemingly unnecessarily.

Thanks again Greg!

-George

--- "Moore, Greg" <Greg_W_Moore@adp.com> wrote:

> George,
> Did you take a look at
> http://hc.apache.org/httpclient-3.x/sslguide.html
> at the EasySSLProtocolSocketFactory. there is an
> EasySSLProtocolSocketFactory and an EasyTrustmanager
> in SVN that seem to
> do ok. of course I wouldn't use it for production.
> 
> maybe this would help too. 
>
http://www.matthewekent.com/2007/09/httpclient-ssl-support-how-to-.html
> 
> 
> Greg.
> 
> -----Original Message-----
> From: George Ludwig [mailto:sfmissionman@yahoo.com] 
> Sent: Monday, April 07, 2008 5:07 PM
> To: HttpClient User Discussion
> Subject: getting httpclient to trust all certs for
> ssl?
> 
> This seems to have come up before, but I've not been
> able  to find a resolution that works.
> 
> Basically, I want to trust all SSL certs. I doing
> web
> harvesting, and I just don't care if a cert is
> valid,
> self signed, or has valid trust chain.
> 
> I've tried a couple of solutions I found on the web,
> but they don't seem to work. Does anyone have a
> reliable solution to this?
> 
> The last one I tried was this:
> 
> public static void trustAllCerts() {
> 	// Create a trust manager that does not validate
> certificate chains
>     TrustManager[] trustAllCerts = new
> TrustManager[]{
>         new X509TrustManager() {
>             public
> java.security.cert.X509Certificate[]
> getAcceptedIssuers() {
>                 return null;
>             }
>             public void checkClientTrusted(
>                 java.security.cert.X509Certificate[]
> certs, String authType) {
>             }
>             public void checkServerTrusted(
>                 java.security.cert.X509Certificate[]
> certs, String authType) {
>             }
>         }
>     };
>     
>     // Install the all-trusting trust manager
>     try {
>         SSLContext sc =
> SSLContext.getInstance("SSL");
>         sc.init(null, trustAllCerts, new
> java.security.SecureRandom());
>        
>
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
>     } catch (Exception e) {
>     }	
> }
> 
> I'm currently getting this exception:
> 
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path
> validation failed:
> java.security.cert.CertPathValidatorException: Path
> does not chain with any of the trust anchors
> error!
> 
> 
> [stack trace deleted]
> 
> 
> This message and any attachments are intended only
> for the use of the addressee and may contain
> information that is privileged and confidential. If
> the reader of the message is not the intended
> recipient or an authorized representative of the
> intended recipient, you are hereby notified that any
> dissemination of this communication is strictly
> prohibited. If you have received this communication
> in error, please notify us immediately by e-mail and
> delete the message and any attachments from your
> system.
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail:
> httpclient-users-help@hc.apache.org
> 
> 



      ____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No
Cost.  
http://tc.deals.yahoo.com/tc/blockbuster/text5.com

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message