Is it mandatory that I call Protocol.registerProtocol()? I ask because I have the
following lines in my code:
    Protocol https = new Protocol("https", new StrictSSLProtocolSocketFactory(), port);
    //Protocol.registerProtocol("https", https);
    client.getHostConfiguration().setHost(url.getHost(), url.getPort(), https);
The above code on Windows doesn't perform the hostname verification. Only if
I uncomment the call to registerProtocol is the hostname verification called.
But on my target Linux (IBM JRE), this call to registerProtocol results in a
'Peer not verified' exception.
Thanks in advance,
Partha
-----Original Message-----
From: Partha Venkatavaradhan (pavenkat)
Sent: Wednesday, November 26, 2008 12:02 PM
To: HttpComponents Project
Subject: RE: Certificate Validation
Hi,
Looks like after I included the StrictSSLProtocolSocketFactory, now even a
valid certificate like Thawte is declared as 'Peer not verified'. This however
works on a Windows machine. I am testing it on a Java ME edition and there it
fails. Any clues?
Thanks,
Partha
-----Original Message-----
From: Ortwin Glück [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 1:34 AM
To: HttpComponents Project
Subject: Re: Certificate Validation
Hi Partha,
Please have a look at
http://hc.apache.org/httpclient-3.x/sslguide.html
and especially the
StrictSSLProtocolSocketFactory which is referenced there.
Cheers,
Ortwin
Partha Venkatavaradhan (pavenkat) wrote:
> Hi,
>
> I am running a tomcat server that has a valid certificate from Thawte.
> In my HTTP client code I am letting the library handle the SSL
> validation and I am not using any custom trust validation. Now,
> everything works fine but the problem is precisely this. It works fine
> even if I specify the IP address of the server in the URL. Since
> the certificate is signed against my server's domain name, if I access
> the URL with IP address I expect the library to throw exception as the
> domain names don't match. This is precisely what happens when I try
> to access the server from a browser by typing the server's IP address
> instead of the domain name. I get a warning message stating that the
> domain name and the URL that I entered don't match.
>
> Is there any way I can let the library explicitly validate the domain name
> and throw me an exception in case it detects a mismatch?
>
> Thanks,
> Partha
>
--
[web] http://www.odi.ch/
[blog] http://www.odi.ch/weblog/
[pgp] key 0x81CF3416
finger print F2B1 B21F F056 D53E 5D79 A5AF 02BE 70F5 81CF 3416
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
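
The check the original question asks for (an IP address in the URL must not match a certificate issued to a domain name), as an added example that is not code from this thread, from HttpClient, or from StrictSSLProtocolSocketFactory. The class and method names are hypothetical, the SAN list is constructed, and matching against subjectAltName entries only (no CN fallback), with plain string comparison of IP addresses, is an assumption of this example.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

// Added illustration, not HttpClient or contrib code. The SAN list has the
// shape returned by X509Certificate.getSubjectAlternativeNames():
// each entry is [Integer generalNameType, value].
public class HostnameCheckExample {
    static final int DNS_NAME = 2;    // dNSName tag in RFC 5280
    static final int IP_ADDRESS = 7;  // iPAddress tag in RFC 5280

    // Simplified: anything made of digits and dots, or containing ':', is an IP literal.
    static boolean isIpLiteral(String host) {
        return host.matches("[0-9.]+") || host.indexOf(':') >= 0;
    }

    // "*" is honoured only as the complete left-most label and covers one label.
    static boolean dnsMatches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return p.equals(h);
        }
        int dot = h.indexOf('.');
        boolean suffixHasTwoLabels = p.indexOf('.', 2) > 0; // rejects "*.com"
        return dot > 0 && suffixHasTwoLabels && h.substring(dot).equals(p.substring(1));
    }

    // An IP literal may only match iPAddress entries, a name only dNSName entries.
    static boolean verify(String host, Collection<List<?>> sans) {
        boolean ip = isIpLiteral(host);
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            String value = String.valueOf(san.get(1));
            if (ip ? (type == IP_ADDRESS && value.equals(host))
                   : (type == DNS_NAME && dnsMatches(value, host))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed SAN list: a certificate issued for one DNS name only.
        Collection<List<?>> sans = Arrays.<List<?>>asList(
                Arrays.<Object>asList(DNS_NAME, "www.example.com"));
        for (String host : new String[] {"www.example.com", "WWW.Example.COM", "192.0.2.10"}) {
            System.out.println(host + " -> " + (verify(host, sans) ? "match" : "MISMATCH"));
        }
    }
}
```

In real use the `sans` argument would come from the peer certificate of the established SSL session, and a `false` result should abort the connection before any request data is sent.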