hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From George Ludwig <sfmission...@yahoo.com>
Subject getting httpclient to trust all certs for ssl?
Date Tue, 08 Apr 2008 00:07:13 GMT
This seems to have come up before, but I've not been
able  to find a resolution that works.

Basically, I want to trust all SSL certs. I doing web
harvesting, and I just don't care if a cert is valid,
self signed, or has valid trust chain.

I've tried a couple of solutions I found on the web,
but they don't seem to work. Does anyone have a
reliable solution to this?

The last one I tried was this:

public static void trustAllCerts() {
	// Create a trust manager that does not validate
certificate chains
    TrustManager[] trustAllCerts = new TrustManager[]{
        new X509TrustManager() {
            public
java.security.cert.X509Certificate[]
getAcceptedIssuers() {
                return null;
            }
            public void checkClientTrusted(
                java.security.cert.X509Certificate[]
certs, String authType) {
            }
            public void checkServerTrusted(
                java.security.cert.X509Certificate[]
certs, String authType) {
            }
        }
    };
    
    // Install the all-trusting trust manager
    try {
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new
java.security.SecureRandom());
       
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
    }	
}

I'm currently getting this exception:

javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path
validation failed:
java.security.cert.CertPathValidatorException: Path
does not chain with any of the trust anchors
error!
	at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
	at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
	at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
	at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
	at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
	at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
	at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:621)
	at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
	at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
	at
java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
	at
org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
	at
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
	at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
	at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
	at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
	at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
	at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
	at
com.markmonitor.harvester.util.FetcherUtil.getContent(FetcherUtil.java:91)
	at
com.markmonitor.harvester.util.FetcherUtil.getContent(FetcherUtil.java:55)
	at
com.markmonitor.reports.channel.UrlProcessingDaemon.getContent(UrlProcessingDaemon.java:197)
	at
com.markmonitor.reports.channel.scoring.ChannelScoringTest.readUrls(ChannelScoringTest.java:112)
	at
com.markmonitor.reports.channel.scoring.ChannelScoringTest.main(ChannelScoringTest.java:55)
Caused by: sun.security.validator.ValidatorException:
PKIX path validation failed:
java.security.cert.CertPathValidatorException: Path
does not chain with any of the trust anchors
	at
sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:251)
	at
sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:234)
	at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:148)
	at
sun.security.validator.Validator.validate(Validator.java:218)
	at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
	at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
	... 21 more
Caused by:
java.security.cert.CertPathValidatorException: Path
does not chain with any of the trust anchors
	at
sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:195)
	at
java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
	at
sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:246)
	... 28 more



      ____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No
Cost.  
http://tc.deals.yahoo.com/tc/blockbuster/text5.com

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message