After having put up a service that uses wildcard certificates for SSL,
I've found Java's default of rejecting wildcards very broken.  Fortunately,
you can fix that by setting the HostnameVerifier on the HttpsURLConnection
instance.

What this means is that, unfortunately, the java.net implementation of the
ClientHelper for https isn't able to handle https connections to services with
wildcard certificates.  I've been able to patch the code and use a library
that provides the same behavior found in web browsers like Firefox in
that they accept wildcard certificates for SSL.

Writing your own HostnameVerifier isn't easy but, fortunately, someone
has done this for us.  I've been using this library quite successfully:

   http://juliusdavies.ca/commons-ssl/index.html

They hope/plan to become an Apache Commons project.

The issue I see is that the current java.net client helper doesn't use
anything but the facilities provided by the JDK.  This would add a dependency on
another library.

Thoughts?

BTW, here's the patched code:

Index: HttpUrlConnectionCall.java
===================================================================
--- HttpUrlConnectionCall.java  (revision 2096)
+++ HttpUrlConnectionCall.java  (working copy)
@@ -39,6 +39,8 @@
 import com.noelios.restlet.Engine;
 import com.noelios.restlet.http.HttpClientCall;

+import org.apache.commons.ssl.HostnameVerifier;
+
 /**
  * HTTP client connector call based on JDK's java.net.HttpURLConnection class.
  *
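Review bot: the added import of org.apache.commons.ssl.HostnameVerifier gives this class a type with the same simple name as the JDK's javax.net.ssl.HostnameVerifier, which is the type HttpsURLConnection.setHostnameVerifier takes, so a reader cannot tell from the call site which one is in use. Consider using the fully qualified library name at its single use instead of importing it. Note also that the second hunk uses HttpsURLConnection, and this patch adds no import for javax.net.ssl.HttpsURLConnection, so that import must already be present in the file for the change to compile.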
@@ -72,7 +74,12 @@
         if (requestUri.startsWith("http")) {
             URL url = new URL(requestUri);
             this.connection = (HttpURLConnection) url.openConnection();
+            if (this.connection instanceof HttpsURLConnection) {
+               HttpsURLConnection https = (HttpsURLConnection)this.connection;
+               https.setHostnameVerifier(HostnameVerifier.DEFAULT);
+            }

+
             // These properties can only be used with Java 1.5 and upper
             // releases
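Review bot: in the block added after url.openConnection(), the verifier is replaced on every HTTPS connection with a hard-coded HostnameVerifier.DEFAULT, so every user of this connector gets the library's hostname-matching policy with no way to opt out. Because this changes how the server's identity is checked, consider making it opt-in through a connector parameter and adding a comment stating which wildcard forms DEFAULT accepts. Style: the two lines inside the if are indented one column short of the surrounding code, and the added blank line (the lone "+") before the Java 1.5 comment can be dropped.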

--Alex Milowski
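
The message above raises the cost of a new dependency for the java.net client helper. As an added example (not part of the original message, the Restlet code base, or the commons-ssl library), here is a JDK-only HostnameVerifier that accepts a wildcard only as the whole left-most label; the class name WildcardHostnameVerifier is hypothetical, and HttpsURLConnection consults the verifier only after its own hostname check has failed.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Hypothetical class: matches the host against dNSName entries, wildcards included. */
public final class WildcardHostnameVerifier implements HostnameVerifier {
    private static final int DNS_NAME = 2; // subjectAltName GeneralName tag for dNSName

    @Override
    public boolean verify(String host, SSLSession session) {
        try {
            // Leaf certificate of a chain the TLS handshake has already validated.
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
            if (sans == null) return false; // no SAN extension: reject, no CN fallback
            for (List<?> san : sans) {
                if (((Integer) san.get(0)) == DNS_NAME && matches(host, (String) san.get(1))) {
                    return true;
                }
            }
        } catch (SSLPeerUnverifiedException | CertificateParsingException e) {
            // Unauthenticated peer or unparsable extension: fall through and reject.
        }
        return false;
    }

    /** "*.example.com" matches "a.example.com", not "example.com" or "a.b.example.com". */
    static boolean matches(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return h.equals(p);            // exact name
        if (h.matches("[0-9.]+") || h.indexOf(':') >= 0) return false; // IP literal
        String suffix = p.substring(1);                         // ".example.com"
        // Reject a second wildcard ("*.*.com") and a bare TLD ("*.com").
        if (suffix.indexOf('*') >= 0 || suffix.indexOf('.', 1) < 0) return false;
        if (!h.endsWith(suffix)) return false;
        String label = h.substring(0, h.length() - suffix.length());
        return !label.isEmpty() && label.indexOf('.') < 0;      // exactly one label
    }
}
// Usage at the point the patch touches:
//   https.setHostnameVerifier(new WildcardHostnameVerifier());
```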
