Return-Path: 
 <httpclient-users-return-7565-apmail-hc-httpclient-users-archive=hc.apache.org@hc.apache.org>
Delivered-To: apmail-hc-httpclient-users-archive@www.apache.org
Received: (qmail 19099 invoked from network); 24 Nov 2009 09:21:10 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 24 Nov 2009 09:21:10 -0000
Received: (qmail 16172 invoked by uid 500); 24 Nov 2009 09:21:10 -0000
Delivered-To: apmail-hc-httpclient-users-archive@hc.apache.org
Received: (qmail 16083 invoked by uid 500); 24 Nov 2009 09:21:09 -0000
Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:httpclient-users-help@hc.apache.org>
List-Unsubscribe: <mailto:httpclient-users-unsubscribe@hc.apache.org>
List-Post: <mailto:httpclient-users@hc.apache.org>
List-Id: <httpclient-users.hc.apache.org>
Reply-To: "HttpClient User Discussion" <httpclient-users@hc.apache.org>
Delivered-To: mailing list httpclient-users@hc.apache.org
Received: (qmail 16073 invoked by uid 99); 24 Nov 2009 09:21:09 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 24 Nov 2009 09:21:09 +0000
X-ASF-Spam-Status: No, hits=-2.6 required=5.0
	tests=BAYES_00
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [92.42.190.144] (HELO ok2cons2.nine.ch) (92.42.190.144)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 24 Nov 2009 09:21:07 +0000
Received: from [192.168.100.100] (unknown [213.55.131.180])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ok2cons2.nine.ch (Postfix) with ESMTPSA id 305244BA37B
	for <httpclient-users@hc.apache.org>; Tue, 24 Nov 2009 10:20:46 +0100 (CET)
Subject: Re: SSL certificate 2048 bit with 3.0
From: Oleg Kalnichevski <olegk@apache.org>
To: HttpClient User Discussion <httpclient-users@hc.apache.org>
In-Reply-To: 
 <FCC8AEF2DD3B4247BA98869D36AC0BB41A84FFA933@CORPMAIL07.corp.capgemini.com>
References: 
	 <FCC8AEF2DD3B4247BA98869D36AC0BB41A84FFA933@CORPMAIL07.corp.capgemini.com>
Content-Type: text/plain; charset="UTF-8"
Date: Tue, 24 Nov 2009 10:20:40 +0100
Message-ID: <1259054440.4446.5.camel@ubuntu>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.1 
Content-Transfer-Encoding: 7bit

On Mon, 2009-11-23 at 13:21 +0100, BAYER, Patrice wrote:
> Hello,
> In a projet, we're using commons-httpclient 3.0 and the class EasySSLProtocolSocketFactory (EasyX509TrustManager) to have a SSL connection to a server.
> But we have the error < java.security.cert.CertificateException: Untrusted Server Certificate Chain > when the client connects to the server.
> The certificate is with 2048 bit but not with 1024 signed by the organism Verisign.
> 
> In this version of commons-httpclient, can the client accept this kind of key or must we upgrade client ?
> 
> Patrice Bayer

Patrice

HttpClient relies on standard java SSL functionality and therefore can
work with any certificates supported by JSSE.

This problem has nothing to do with the key length. The certificate has
been rejected as untrusted so apparently the SSL context have not
correctly initialized with the trust material.

Oleg    


> </PRE><p style="font-family:arial;color:grey" style="font-size:13px">This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.</p><PRE>



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org