hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From realflash <flash...@yahoo.com>
Subject Re: using SSL in a development environment
Date Tue, 19 May 2009 12:13:43 GMT


Bill Higgins-2 wrote:
> 
> Hi I'm working in a development environment where our servers use
> self-signed certificates. I want to use HttpClient 4 to connect to these
> servers and basically ignore any security errors that come back. I was
> hoping I could use org.apache.http.conn.ssl.SSLSocketFactory to do this by
> using SSLSocketFactory's ALLOW_ALL_HOSTNAME_VERIFIER verifier, but it
> failed
> with a javax.net.ssl.SSLPeerUnverifiedException with message "peer not
> authenticated".
> 
> A colleague suggested that I need to create my own implementation of
> LayeredSocketFactory, e.g. "TrustingSSLSocketFactory", but I was hoping
> there was a way to get SSLSocketFactory to work for me, if I could
> configure
> it the right way. Here is the code I am currently using. Please let me
> know
> if there's something simple I can change to use SSLSocketFactory in my
> development environment with servers with self-signed certs.
> 
> PS - I'm using HttpCore 4.0 Beta 2 and HttpClient 4.0 Alpha 4.
> 

For those who want to avoid the factory creation, Howard Abrams has produced
a neat solution to this problem by inserting a new security provider that
ignores cert problems. You just need to add two class files to your project
and call one method and bingo. You may also need to call
ALLOW_ALL_HOSTNAME_VERIFIER if the cert doesn't match the hostname.
-- 
View this message in context: http://www.nabble.com/using-SSL-in-a-development-environment-tp19001545p23615147.html
Sent from the HttpClient-User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message