hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSL self- signed- certicate trouble with TrustSelfSignedStrategy()
Date Thu, 28 Oct 2010 15:36:15 GMT
"Gerhard Sinne" <GSinne@orga-systems.com> wrote:

>Thanks Oleg for the quick reply,
>
>> > - Second, could somebody shed a light on this code which still
>fails 
>with 
>> > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 
>> > 
>> 
>> You have to differentiate self-signed certificates from those signed
>by
>> non-trusted CA. The TrustSelfSignedStrategy causes HttpClient to
>bypass
>> the certificate checks for _self-signed_ certificates only.
>> 
>> Hope this helps
>
>Sorry the problem persists.
>
>So why does this code still fail with  
>javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 
>
>Changing the code to http (without 's')  and everything is fine, so the
>
>user/password authentication is ok.
>
>Could you please take a look a the few lines of code :
>
>        TrustStrategy trustStrategy           = new 
>TrustSelfSignedStrategy(); 
>      X509HostnameVerifier hostnameVerifier = new 
>AllowAllHostnameVerifier(); 
>      SSLSocketFactory sslSf              = new 
>SSLSocketFactory(trustStrategy, hostnameVerifier);
>
>      Scheme https                        = new Scheme("https", 443, 
>sslSf); 
>      SchemeRegistry schemeRegistry       = new SchemeRegistry();
>      schemeRegistry.register(https);
> 
>      ClientConnectionManager connection = new 
>ThreadSafeClientConnManager(schemeRegistry); 
> 
>      DefaultHttpClient httpClient = new DefaultHttpClient(connection);
>      httpClient.getCredentialsProvider().setCredentials(
>                                                         new 
>AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, "HTTPAccess"), 
>                                                         new 
>UsernamePasswordCredentials("username", "password"));
> 
>      HttpGet httpGet = new HttpGet("
>https://192.168.0.100:443/cgi-bin/read.xml?);
>      HttpResponse response = httpClient.execute(httpGet); 
>      System.out.println(response.getStatusLine());
>
>
>
>Thanks Regards
>/Gerd
>
>The information included in this e-mail and any files transmitted with
>it is strictly confidential and may be privileged or otherwise
>protected from disclosure. If you are not the intended recipient,
>please notify the sender immediately by e-mail and delete this e-mail
>as well as any attachment from your system. If you are not the intended
>recipient you are not authorized to use and/or copy this message and/or
>attachment and/or disclose the contents to any other person.

Gerhard
There's nothing wrong with the code. Your expectations as to what TrustCelfSignedStrategy
is meant to do do seem wrong, though.

Oleg

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message