hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Subject: Does EasySSLProtocolSocketFactory check for certificates validity?
Date Sat, 30 Jan 2010 23:06:44 GMT
On Sat, 2010-01-30 at 17:53 -0500, Clemens Eisserer wrote:
> Hello,
> 
> I use the following code in my application, to make sure even
> https-connections can be etablished if the server's certificate is
> invalid/self-signed:
> 
>        Protocol myhttps = new Protocol("https", new
> EasySSLProtocolSocketFactory(), 443);
>        Protocol.registerProtocol("https", myhttps);
> 
> Is this enough?
> 

That would be enough for self-signed but not for invalid certificates.


> I recently heard from one customer which said he ran into troubles
> because the machine running HttpClient was unaware of the server's
> certificates. Can this be right?
> 

Whether this is right or wrong could depend on your particular
application. Per default HttpClient trusts only server certificates
trusted by the Java runtime (certificates stored in the JRE keystore)

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message