[prev in list] [next in list] [prev in thread] [next in thread] 

List:       httpclient-users
Subject:    Re: AbstractVerifier in 4.x (was Invalid SSL Certs)
From:       "Julius Davies" <juliusdavies () gmail ! com>
Date:       2008-01-30 21:44:12
Message-ID: 598ad5b50801301344r76f41249mb21f405a1dad9556 () mail ! gmail ! com
[Download RAW message or body]

Hi, David,

Good point!  Sorry.  I forgot that AbstractVerifier and its children
are only looking at hostnames in the cert.  The cert might still be
untrusted (e.g. not signed by ca in cacerts) or expired.

yours,

Julius


On Jan 30, 2008 1:41 PM, Oleg Kalnichevski <olegk@apache.org> wrote:
> 
> On Wed, 2008-01-30 at 12:37 -0800, David Byrne wrote:
> > Julius,
> > 
> > Thanks for replying. I saw AllowAllHostnameVerifier, but decided to write my own \
> > so I could report on the errors. However, this only solves part of my problem. \
> > Even if the verifier passes the cert along, the TrustManager used by SSLSocket \
> > will still throw an exception. I'm writing a null logic TrustManager for that. 
> 
> The host verification process can take place only after an SSL session
> has been successfully established. So, the trust manager needs to verify
> the certificate chain first.
> 
> Oleg
> 
> 
> 
> > Note that I might be way off on this. I'm still trying to wrap myself around \
> > Java's SSL implementation. 
> > Thanks,
> > David
> > 
> > 

-- 
yours,

Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]