[jira] [Commented] (HTTPCLIENT-1275) AllowAllHostnameVerifier does not prevent SSL handshake verification errors

Wed, 12 Dec 2012 11:10:20 -0800 

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13530220#comment-13530220
 ] 

Karl Wright commented on HTTPCLIENT-1275:
-----------------------------------------

Ok, it appears that this was in part pilot error by the person running the 
test.  On the other hand, there is still apparently a possibility of getting an 
exception while getting peer certs, so now I am not sure whether to work on a 
solution to this problem - or ignore it.

                
> AllowAllHostnameVerifier does not prevent SSL handshake verification errors
> ---------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1275
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1275
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpConn
>    Affects Versions: 4.2.2
>            Reporter: Karl Wright
>            Assignee: Karl Wright
>             Fix For: 4.2.3
>
>
> In debugging unverified SSL connections for the ManifoldCF RSS connector, I 
> discovered that even with AllowAllHostnameVerifier(), which supposedly shuts 
> down SSL hostname verification, the SSLSession method getPeerCertificates() 
> can cause an exception anyway, before the overridden method is called, 
> because peer authentication has not yet occurred.
> See CONNECTORS-579 for details, and for the exact trace.
> I'm also looking for suggestions as to how to properly fix this.  One 
> possibility would be to catch the exception and pass null for the peer certs 
> to the verify method.  Since that loses the exception, though, it might be 
> better to change the method signature of the overridden verify() method and 
> include an Exception object, which could get rethrown if needed.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to