[ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1062?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13012676#comment-13012676
 ] 

Richard Jose commented on HTTPCLIENT-1062:
------------------------------------------

Bartosz, could you tell me (and others who will read this thread) how you 
achieved what Oleg is talking about? I am frankly confused.

> SSLSocketFactory.setHostnameVerifier(..) deprecated but no replacement defined
> ------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1062
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1062
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1 Final
>            Reporter: Bartosz Firyn
>            Priority: Trivial
>              Labels: javadoc
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> I'm creating SSLSocketFactory and set host verifier to 
> SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER to authorize any TLS/SSL host. 
> In HttpClient v4.1 this method is deprecated, however there is no replacement 
> specified. Also host verifier logic is still used in the code, so therefore 
> @Deprecated annotation shall be removed or some appropriate comment shall be 
> added for future devs to let them know which method shall they use instead or 
> at least why they shouldn't use 
> SSLSocketFactory.setHostnameVerifier(X509HostnameVerifier).
> <pre>
> import java.security.KeyManagementException;
> import java.security.NoSuchAlgorithmException;
> import javax.net.ssl.SSLContext;
> import javax.net.ssl.TrustManager;
> import javax.net.ssl.X509TrustManager;
> import org.apache.http.conn.ssl.SSLSocketFactory;
> /**
>  * Create naive SSLSocket factory which will authorize any TLS/SSL host.
>  * 
>  * @author Bartosz Firyn (SarXos)
>  */
> public class NaiveSSLFactory {
>       /**
>        * @return Return naive SSL socket factory (authorize any SSL/TLS host)
>        */
>       public static SSLSocketFactory createNaiveSSLSocketFactory() {
>               X509TrustManager manager = new NaiveX509TrustManager();
>               SSLContext sslcontext = null;
>               try {
>                       TrustManager[] managers = new TrustManager[] { manager };
>                       sslcontext = SSLContext.getInstance("SSL");
>                       sslcontext.init(null, managers, null);
>               } catch (NoSuchAlgorithmException e) {
>                       e.printStackTrace();
>               } catch (KeyManagementException e) {
>                       e.printStackTrace();
>               }
>               SSLSocketFactory factory = new SSLSocketFactory(sslcontext);
>               factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
>               return factory;
>       }
> }
> </pre>
> ---------------
> <pre>
> import java.security.cert.CertificateException;
> import java.security.cert.X509Certificate;
> import javax.net.ssl.X509TrustManager;
> /**
>  * The goal of this trust manager is to do nothing - it will authorize
>  * any TLS/SSL secure connection.
>  * 
>  * @author Bartosz Firyn (SarXos)
>  */
> public class NaiveX509TrustManager implements X509TrustManager {
>       @Override
>       public void checkClientTrusted(X509Certificate[] certs, String str)
>                       throws CertificateException {
>       }
>       @Override
>       public void checkServerTrusted(X509Certificate[] certs, String str)
>                       throws CertificateException {
>       }
>       @Override
>       public X509Certificate[] getAcceptedIssuers() {
>               // The X509TrustManager contract requires a non-null array.
>               return new X509Certificate[0];
>       }
> }
> </pre>
> ---------------------
> <pre>
> import org.apache.http.conn.ClientConnectionManager;
> import org.apache.http.conn.scheme.Scheme;
> import org.apache.http.conn.scheme.SchemeRegistry;
> import org.apache.http.conn.ssl.SSLSocketFactory;
> import org.apache.http.impl.client.DefaultHttpClient;
> /**
>  * Default HTTP client.
>  * 
>  * @author Bartosz Firyn (SarXos)
>  */
> public class NaiveSSLClient extends DefaultHttpClient {
>       /**
>        * Singleton instance.
>        */
>       private static NaiveSSLClient instance = null;
>       /**
>        * @return Singleton instance.
>        */
>       public static NaiveSSLClient getInstance() {
>               if (instance == null) {
>                       instance = create();
>               }
>               return instance;
>       }
>       /**
>        * @return New instance of HTTP client.
>        */
>       protected static NaiveSSLClient create() {
>               NaiveSSLClient client = new NaiveSSLClient();
>               SSLSocketFactory factory = NaiveSSLFactory.createNaiveSSLSocketFactory();
>               ClientConnectionManager manager = client.getConnectionManager();
>               SchemeRegistry registry = manager.getSchemeRegistry();
>               registry.register(new Scheme("https", 443, factory));
>               return client;
>       }
>       /**
>        * Private.
>        */
>       private NaiveSSLClient() {
>       }
> }
> </pre>
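
One way to set the hostname verifier without the deprecated setter, shown as an added example that is not part of the original thread or the project's own code: HttpClient 4.1 accepts the verifier as a constructor argument, `SSLSocketFactory(SSLContext, X509HostnameVerifier)`. The class name `PinnedSSLClient` and the trust-store path and password parameters are assumptions; the trust store is expected to hold the server's own certificate or its issuing CA, so a self-signed host can be reached with certificate and hostname checks still in force.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

/** Added example (hypothetical class): verifier supplied through the constructor. */
public class PinnedSSLClient {

    /**
     * Builds a socket factory that trusts only the certificates in the given
     * trust store and keeps hostname verification enabled.
     */
    public static SSLSocketFactory createSocketFactory(String storePath, char[] storePass)
            throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(storePath);
        try {
            trustStore.load(in, storePass);
        } finally {
            in.close();
        }
        // Trust managers derived from the store replace the accept-everything manager.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext sslcontext = SSLContext.getInstance("TLS");
        sslcontext.init(null, tmf.getTrustManagers(), null);

        // HttpClient 4.1: the verifier is a constructor argument, so the
        // deprecated setHostnameVerifier(..) call is not needed.
        return new SSLSocketFactory(sslcontext, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
    }

    /** Registers the factory for https on a DefaultHttpClient, as in the report above. */
    public static DefaultHttpClient createClient(String storePath, char[] storePass)
            throws Exception {
        DefaultHttpClient client = new DefaultHttpClient();
        SSLSocketFactory factory = createSocketFactory(storePath, storePass);
        client.getConnectionManager().getSchemeRegistry()
                .register(new Scheme("https", 443, factory));
        return client;
    }
}
```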
