hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSL self- signed- certicate trouble with TrustSelfSignedStrategy()
Date Thu, 28 Oct 2010 15:36:15 GMT
"Gerhard Sinne" <GSinne@orga-systems.com> wrote:

>Thanks Oleg for the quick reply,
>> > - Second, could somebody shed a light on this code which still
>> > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 
>> > 
>> You have to differentiate self-signed certificates from those signed
>> non-trusted CA. The TrustSelfSignedStrategy causes HttpClient to
>> the certificate checks for _self-signed_ certificates only.
>> Hope this helps
>Sorry the problem persists.
>So why does this code still fail with  
>javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 
>Changing the code to http (without 's')  and everything is fine, so the
>user/password authentication is ok.
>Could you please take a look a the few lines of code :
>        TrustStrategy trustStrategy           = new 
>      X509HostnameVerifier hostnameVerifier = new 
>      SSLSocketFactory sslSf              = new 
>SSLSocketFactory(trustStrategy, hostnameVerifier);
>      Scheme https                        = new Scheme("https", 443, 
>      SchemeRegistry schemeRegistry       = new SchemeRegistry();
>      schemeRegistry.register(https);
>      ClientConnectionManager connection = new 
>      DefaultHttpClient httpClient = new DefaultHttpClient(connection);
>      httpClient.getCredentialsProvider().setCredentials(
>                                                         new 
>AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, "HTTPAccess"), 
>                                                         new 
>UsernamePasswordCredentials("username", "password"));
>      HttpGet httpGet = new HttpGet("
>      HttpResponse response = httpClient.execute(httpGet); 
>      System.out.println(response.getStatusLine());
>Thanks Regards
>The information included in this e-mail and any files transmitted with
>it is strictly confidential and may be privileged or otherwise
>protected from disclosure. If you are not the intended recipient,
>please notify the sender immediately by e-mail and delete this e-mail
>as well as any attachment from your system. If you are not the intended
>recipient you are not authorized to use and/or copy this message and/or
>attachment and/or disclose the contents to any other person.

There's nothing wrong with the code. Your expectations as to what TrustCelfSignedStrategy
is meant to do do seem wrong, though.


To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

View raw message