Hi Alex,

Thanks for teaching me new aspects of SSL :)

We have an RFE to improve SSL support in Restlet 1.1. I've updated it to propose the addition of a connector parameter. See details here: http://restlet.tigris.org/issues/show_bug.cgi?id=281

Best regards,
Jerome

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Alex Milowski
> Sent: Friday 27 July 2007 10:48
> To: [email protected]
> Subject: SSL and Wildcard Certificates
>
> After having put up a service that uses wildcard certificates for SSL, I've found Java's default of rejecting wildcards very broken. Fortunately, you can fix that by setting the HostnameVerifier on the HttpsURLConnection instance.
>
> What this means is that, unfortunately, the java.net implementation of the ClientHelper for https isn't able to handle https connections to services with wildcard certificates. I've been able to patch the code and use a library that provides the same behavior found in web browsers like Firefox in that they accept wildcard certificates for SSL.
>
> Writing your own HostnameVerifier isn't easy but, fortunately, someone has done this for us. I've been using this library quite successfully:
>
> http://juliusdavies.ca/commons-ssl/index.html
>
> They hope/plan to become an Apache Commons project.
>
> The issue I see is that the current java.net client helper doesn't use anything but the facilities provided by the JDK. This would add a dependency on another library.
>
> Thoughts?
>
> BTW, here's the patched code:
>
> Index: HttpUrlConnectionCall.java > =================================================================== > --- HttpUrlConnectionCall.java (revision 2096) > +++ HttpUrlConnectionCall.java (working copy) > @@ -39,6 +39,8 @@ > import com.noelios.restlet.Engine; > import com.noelios.restlet.http.HttpClientCall; > > +import org.apache.commons.ssl.HostnameVerifier; > + > /** > * HTTP client connector call based on JDK's > java.net.HttpURLConnection class. > * 
> @@ -72,7 +74,12 @@ > if (requestUri.startsWith("http")) { > URL url = new URL(requestUri); > this.connection = (HttpURLConnection) > url.openConnection(); > + if (this.connection instanceof HttpsURLConnection) { > + HttpsURLConnection https = > (HttpsURLConnection)this.connection; > + https.setHostnameVerifier(HostnameVerifier.DEFAULT); > + } > > + > // These properties can only be used with Java > 1.5 and upper > // releases > > --Alex Milowski
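Review bot: the import added in the @@ -39,6 +39,8 @@ hunk brings in org.apache.commons.ssl.HostnameVerifier under the same simple name as the JDK's javax.net.ssl.HostnameVerifier, and the patch shows no import for the HttpsURLConnection type that the second hunk uses. Suggest using the fully qualified library class name at the call site to avoid ambiguity, confirming that javax.net.ssl.HttpsURLConnection is already imported in the file, and noting in the class Javadoc that the connector now depends on a non-JDK library.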
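Review bot: in the @@ -72,7 +74,12 @@ hunk, https.setHostnameVerifier(HostnameVerifier.DEFAULT) is hard-coded for every HTTPS call, so callers cannot keep the JDK's default hostname check or choose a different verifier. Suggest making the verifier a connector parameter, leaving the JDK behaviour in place when the parameter is not set, and adding a comment that states which hostname patterns the chosen verifier accepts. The extra blank "+" line after the closing brace can be dropped.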
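A wildcard-aware verifier built only on JDK classes, as an added example that is not part of the original thread, of Restlet, or of the commons-ssl library. The class name `WildcardHostnameVerifier` is hypothetical, and its policy (subjectAltName dNSName entries only, wildcard as the whole leftmost label, matching exactly one label) is an assumption of this example.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical class; SAN-only, single-label wildcard policy is this example's assumption.
public class WildcardHostnameVerifier implements HostnameVerifier {
    // "*.example.org" matches "api.example.org", not "example.org" or "a.b.example.org".
    static boolean matches(String host, String pattern) {
        host = host.toLowerCase(Locale.ROOT);
        pattern = pattern.toLowerCase(Locale.ROOT);
        if (!pattern.startsWith("*.")) {
            return host.equals(pattern);
        }
        String suffix = pattern.substring(1); // ".example.org"
        // Refuse over-broad patterns such as "*.com" and any second wildcard.
        if (suffix.indexOf('.', 1) < 0 || suffix.indexOf('*') >= 0) {
            return false;
        }
        if (!host.endsWith(suffix) || host.length() == suffix.length()) {
            return false;
        }
        // The wildcard stands for exactly one label.
        return host.substring(0, host.length() - suffix.length()).indexOf('.') < 0;
    }

    @Override
    public boolean verify(String hostname, SSLSession session) {
        try {
            // The peer's own certificate is first in the chain.
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
            if (sans == null) {
                return false; // no SAN entries: reject
            }
            for (List<?> san : sans) {
                // Entry layout: [Integer type, value]; type 2 is dNSName.
                if (Integer.valueOf(2).equals(san.get(0)) && matches(hostname, (String) san.get(1))) {
                    return true;
                }
            }
        } catch (SSLPeerUnverifiedException | CertificateParsingException | ClassCastException e) {
            return false; // unreadable or unverified peer certificate: reject
        }
        return false;
    }
}
```

An instance is installed with `setHostnameVerifier` on the `HttpsURLConnection`, the same call the patch uses; certificate chain validation by the trust manager still runs independently of this check.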

