[
https://issues.apache.org/jira/browse/CONNECTORS-579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13530171#comment-13530171
]
Karl Wright commented on CONNECTORS-579:
----------------------------------------
Thanks, this is critical information, because I can see from the stack trace
that it is using the wrong certificate verifier, and yet I am supplying
Can you confirm that you are running a recently checked-out version of
ManifoldCF trunk? If you are running something you downloaded from
people.apache.org, it will not contain the necessary fix. The code in question
is here:
{code}
SSLSocketFactory myFactory = new SSLSocketFactory(new
InterruptibleSocketFactory(httpsSocketFactory,connectionTimeoutMilliseconds),
new AllowAllHostnameVerifier());
{code}
If you can confirm you are running the right stuff, then I'll go looking inside
the httpcomponents implementation for the reason why certificate verification
is still active even though I explicitly disabled it.
> RSS connector: Add untrusted, unverified SSL support
> ----------------------------------------------------
>
> Key: CONNECTORS-579
> URL: https://issues.apache.org/jira/browse/CONNECTORS-579
> Project: ManifoldCF
> Issue Type: Improvement
> Components: RSS connector
> Affects Versions: ManifoldCF 1.1
> Reporter: Karl Wright
> Assignee: Karl Wright
> Fix For: ManifoldCF 1.1
>
>
> The RSS has never needed SSL support before. But there are some sites that
> serve up everything through SSL. There's no need for host verification etc,
> but a simple "allow everything" approach might well be useful.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
