The default http fetcher is based on apache httpclient 4.x. There's some talk of this over here:
http://stackoverflow.com/questions/2703161/apache-httpclient-4-0-ignore-ssl-certificate-errors However I recommend that you do NOT do this as it could expose you to man in the middle attacks. Keytool should get the job done. On Thu, Jul 7, 2011 at 5:53 AM, Ryan J Baxter <[email protected]> wrote: > Doug did you try using gadgets.makeRequest? Did you have the same > problem? > > -Ryan > > Email: [email protected] > Phone: 978-899-3041 > developerWorks Profile > > > > From: "Davies,Douglas" <[email protected]> > To: <[email protected]>, > Date: 07/07/2011 01:11 AM > Subject: Re: Handling Certificates > > > > We had the same situation. The osapi.http.get call is be proxied through > your shindig server. You need to install the certificate into the cacerts > file on your shindig host using keytool then java should be able to find > it. > > Doug > > On Jul 6, 2011, at 5:09 PM, "Eric Woods" <[email protected]> wrote: > > > Fellow Shindig Developers, > > > > I have a tough question regarding certificates. We have a server set up > that requires the acceptance of a certificate to access a URL which the > server hosts. If I access the URL via a web browser, the browser prompts > the user to trust the certificate (i.e. add an exception for the > certificate in Firefox) prior to using the service. Once I trust the > certificate, all is well. From a Shindig/gadget perspective, however, we > don't have a pretty UI to prompt the user to accept the certificate. We > request the URL within a gadget using osapi.http.get() as follows: > > > > var params = { > > "href": "https://myhost.com/irequireacertificate";, > > "headers": { > > "Authorization": ["Basic xYz123"], > > "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; > rv:5.0) Gecko/20100101 Firefox/5.0"], > > "Accept": > > ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,application/json"], > > "Accept-Encoding": ["gzip, deflate"], > > "Accept-Charset": ["ISO-8859-1,utf-8;q=0.7,*;q=0.7"] > > }; > > osapi.http.get(params).execute(function(resp) { > > console.log(resp); > > }); > > > > Invoking the request throws the following exception from > BasicHttpFetcher: > > > > Caused by: org.apache.shindig.gadgets.GadgetException: > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated > > at > > org.apache.shindig.gadgets.http.BasicHttpFetcher.fetch(BasicHttpFetcher.java:389) > > at > > org.apache.shindig.gadgets.http.DefaultRequestPipeline.execute(DefaultRequestPipeline.java:104) > > at > > org.apache.shindig.gadgets.servlet.HttpRequestHandler.execute(HttpRequestHandler.java:231) > > ... 33 more > > > > I suspect (and a quick Google search agrees) that this is likely because > the server requires a certificate to be trusted, but Shindig's > BasicHttpFetcher is unable to handle this challenge, so things blow up. > What type of strategy should we use for gadgets handling certificates? I > don't have enough expertise with SSL certificates for a credible > recommendation. > > > > Thanks! > > - Eric W. > > > > -- Paul Lindner -- [email protected] -- linkedin.com/in/plindner
