Subject: Re: SSL self-signed certificate trouble with TrustSelfSignedStrategy()
From: Oleg Kalnichevski
Date: Thu, 28 Oct 2010 17:36:15 +0200
To: HttpClient User Discussion

"Gerhard Sinne" wrote:
>Thanks Oleg for the quick reply,
>
>> > - Second, could somebody shed a light on this code which still fails with
>> > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>> >
>>
>> You have to differentiate self-signed certificates from those signed by
>> non-trusted CA. The TrustSelfSignedStrategy causes HttpClient to bypass
>> the certificate checks for _self-signed_ certificates only.
>>
>> Hope this helps
>
>Sorry the problem persists.
>
>So why does this code still fail with
>javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>
>Changing the code to http (without 's') and everything is fine, so the
>user/password authentication is ok.
>
>Could you please take a look at the few lines of code:
>
>    TrustStrategy trustStrategy = new TrustSelfSignedStrategy();
>    X509HostnameVerifier hostnameVerifier = new AllowAllHostnameVerifier();
>    SSLSocketFactory sslSf = new SSLSocketFactory(trustStrategy, hostnameVerifier);
>
>    Scheme https = new Scheme("https", 443, sslSf);
>    SchemeRegistry schemeRegistry = new SchemeRegistry();
>    schemeRegistry.register(https);
>
>    ClientConnectionManager connection = new ThreadSafeClientConnManager(schemeRegistry);
>
>    DefaultHttpClient httpClient = new DefaultHttpClient(connection);
>    httpClient.getCredentialsProvider().setCredentials(
>        new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, "HTTPAccess"),
>        new UsernamePasswordCredentials("username", "password"));
>
>    HttpGet httpGet = new HttpGet("https://192.168.0.100:443/cgi-bin/read.xml?");
>    HttpResponse response = httpClient.execute(httpGet);
>    System.out.println(response.getStatusLine());
>
>Thanks Regards
>/Gerd

Gerhard

There's nothing wrong with the code. Your expectations as to what TrustSelfSignedStrategy is meant to do do seem wrong, though.

Oleg

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
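
The distinction drawn in the reply above, as an added example that is not part of the original thread or of HttpClient's own code: a JDK-only check of whether each certificate in an exported server chain is really self-signed, followed by an SSLContext that trusts exactly one chosen certificate instead of bypassing validation. The PEM file path passed as args[0] and the class and method names are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ChainCheck {
    // Self-signed: subject equals issuer AND the signature verifies with the cert's own key.
    static boolean isSelfSigned(X509Certificate c) {
        if (!c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) return false;
        try {
            c.verify(c.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false; // signed by some other key, so issued by a CA
        }
    }

    // SSLContext that trusts exactly one certificate (a self-signed leaf or a private CA).
    static SSLContext trustOnly(X509Certificate anchor) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory trust store
        ks.setCertificateEntry("anchor", anchor);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: hypothetical path to a PEM file holding the server's chain, leaf first
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        try (InputStream in = new FileInputStream(args[0])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                chain.add((X509Certificate) c);
        }
        if (chain.isEmpty()) throw new IllegalArgumentException("no certificates in " + args[0]);
        for (X509Certificate c : chain)
            System.out.println(c.getSubjectX500Principal() + " issued by "
                    + c.getIssuerX500Principal() + " selfSigned=" + isSelfSigned(c));
        X509Certificate anchor = chain.get(chain.size() - 1); // top of the exported chain
        SSLContext ctx = trustOnly(anchor);
        System.out.println(ctx.getProtocol() + " context trusts only " + anchor.getSubjectX500Principal());
    }
}
```

If the leaf prints `selfSigned=false`, the server certificate was issued by a CA the JVM does not trust, which is the case the reply separates from a self-signed one; the certificate to import as the trust anchor is then that CA's.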