hc-httpclient-users mailing list archives

From R Smith <ryan.justin.sm...@gmail.com>
Subject Re: Trust all certificates
Date Sat, 09 Apr 2016 11:01:36 GMT
FWIW, in httpclient 4.3.x, I extend the TrustStrategy class to create a
"TrustAllTrustStrategy" class and I use this for handling SSL certs.

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.apache.http.conn.ssl.TrustStrategy;

/**
 * When you want to accept all ssl certs, even ones that are not trusted,
 * use this class implementation of the trust strategy.
 */
public class TrustAllTrustStrategy implements TrustStrategy {
    @Override
    public boolean isTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        return true; // trust everything like the class name says.
    }
}

When instantiating the HttpClient class, I set TrustAllTrustStrategy as the
TrustStrategy.

hth, -Ryan

On Sat, Apr 9, 2016 at 12:06 AM, Brent Putman <putmanb@georgetown.edu>
wrote:

> You can set the JSSE system property javax.net.debug to get a lot of
> debug output.  It will probably tell you why the handshake fails.  Try
> "javax.net.debug=ssl" or "javax.net.debug=all". You can see all the
> options for that here:
>
>
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug
>
> The output goes to stdout (or stderr, can't remember which).
>
>
>
> On 4/8/16 7:29 PM, Robson Roberto Souza Peixoto wrote:
> > Thanks a lot, Sam Wilson.
> > I'll read it.
> >
> > It works well on Java 8, but not on Java 7 =/
> > From Google Chrome:
> > ```
> > Your connection to www.trf5.jus.br is encrypted using a modern cipher suite.
> > The connection uses TLS 1.2.
> > The connection is encrypted and authenticated using AES_128_GCM and uses
> > ECDHE_RSA as the key exchange mechanism.
> > ```
> >
> > On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson <tecywiz121@hotmail.com> wrote:
> >
> >> There are quite a few documents out there that go over SSL/TLS. Really
> >> depends on what you need to know. Wikipedia might be a good place to
> >> start, and there's always google to find out more. I seem to remember
> >> Mozilla had some decent high level documentation, but I think they've
> >> marked it as out of date.
> >>
> >> What's happening right now is that you can't complete the SSL handshake
> >> for some reason. StackOverflow has a post about someone having a similar
> >> problem: http://stackoverflow.com/a/6353956
> >>
> >> Hope that helps,
> >> Sam
> >>
> >> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
> >>> I'm a complete noob. Are there resources to help me understand the problem?
> >>>
> >>> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <tecywiz121@hotmail.com> wrote:
> >>>> You can only turn off as much SSL validation as you control. The server
> >>>> may also terminate a connection (say, for instance, it requires a client
> >>>> SSL certificate.)
> >>>>
> >>>> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> >>>>> But is there a way to disable the `SSL Verification`?
> >>>>>
> >>>>> I just want to ignore all SSL Verification.
> >>>>>
> >>>>> Thanks
> >>>>>
> >>>>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <ecki@zusammenkunft.net> wrote:
> >>>>>
> >>>>>> The exception you are showing means the server terminated the handshake
> >>>>>> for some reason. Hard to say why. It might require a client cert or does
> >>>>>> not like your proposed ciphers or ssl protocols.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> This particular exception seems not related to untrusted certificates,
> >>>>>> your different approaches are both valid to accept all certs (as long as it
> >>>>>> understands a common cipher and certificate type)
> >>>>>>
> >>>>>>
> >>>>>> Regards
> >>>>>> Bernd
> >>>>>> --
> >>>>>> http://bernd.eckenfels.net
> >>>>>>   From Win 10 Mobile
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> *From: *Robson Roberto Souza Peixoto <robsonpeixoto@gmail.com>
> >>>>>> *Sent: *Friday, 8 April 2016 22:16
> >>>>>> *To: *httpclient-users@hc.apache.org
> >>>>>> *Subject: *Trust all certificates
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Hi guys,
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> I'm using the HC to crawl a lot of sites =D. It's working like a charm. I'm
> >>>>>> really in love with HC.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received
> >>>>>> fatal alert: handshake_failure` when I try to access a page with an invalid
> >>>>>> Certificate.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> I googled a lot and tried all solutions, but none worked.
> >>>>>>
> >>>>>> Here is a gist with my last try:
> >>>>>>
> >>>>>>
> >>>>>> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
> >>>>>>
> >>>>>>
> >>>>>> Is there an easy solution to trust all certificates of all hosts with HC?
> >>>>>>
> >>>>>> Thanks
> >>>>>>
> >>>>>> --
> >>>>>>
> >>>>>> Robson Roberto Souza Peixoto
> >>>>>>
> >>>>>> Robinho
> >>>>>>
> >>>>>> Master in Computer Science, University of Campinas
> >>>>>>
> >>>>>> IRC: robsonpeixoto
> >>>>>>
> >>>>>> Twitter: http://twitter.com/robinhopeixoto
> >>>>>>
> >>>>>> github: https://github.com/robsonpeixoto
> >>>>>>
> >>>>>>
> >>>>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >>>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>>>
>
>
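
Added example (not part of the thread and not code from any of its participants): a narrower variant of the TrustStrategy approach in the top message, for HttpClient 4.3.x, that accepts only a server certificate whose SHA-256 fingerprint matches a configured value and otherwise defers to the JVM's default trust store. The class name PinnedCertTrustStrategy and the buildClient helper are hypothetical names chosen for this illustration.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

/** Hypothetical class: trusts a chain only if its leaf matches a known SHA-256 fingerprint. */
public class PinnedCertTrustStrategy implements TrustStrategy {
    private final byte[] expectedSha256; // fingerprint of the one certificate to accept

    public PinnedCertTrustStrategy(byte[] expectedSha256) {
        this.expectedSha256 = expectedSha256.clone();
    }

    @Override
    public boolean isTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            return false; // nothing to pin against; defer to the default trust manager
        }
        try {
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
            // true skips normal chain validation; false defers to the JVM trust store
            return MessageDigest.isEqual(expectedSha256, actual);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    /** Builds an HttpClient 4.3.x client that uses the pinned strategy. */
    public static CloseableHttpClient buildClient(byte[] pinnedSha256) throws Exception {
        SSLContext ctx = SSLContexts.custom()
                .loadTrustMaterial((KeyStore) null, new PinnedCertTrustStrategy(pinnedSha256))
                .build();
        // The one-argument constructor keeps the default hostname verifier in place.
        SSLConnectionSocketFactory sf = new SSLConnectionSocketFactory(ctx);
        return HttpClients.custom().setSSLSocketFactory(sf).build();
    }
}
```

In HttpClient 4.3.x, a TrustStrategy that returns true bypasses the standard trust manager for that chain, so a strategy that always returns true disables certificate validation for every host the client contacts.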
