Hi Bob,
Can you give me a little more information on why the server certificates
don't match their host names?
Re: ignoring the server certificate, xdmp:http-get() and related
functions allow you to specify a <verify-cert>false</verify-cert> option
to suppress any validation of the certificate. It looks like the docs
didn't get updated to include this option though. I'll file a bug on
that.
Note, however, that if you turn off certificate verification you leave
yourself open to using expired certificates, revoked certificates, and
man in the middle attacks. Disabling verification is intended more as a
short term fix while you get your certificates sorted out, and only to
be done with an understanding and acceptance of the security risks it
introduces.
Re: handling of your client certificate and private key, storing it in
the database is a reasonable approach. Just be sure to protect it
appropriately (e.g. visible only to some role that is given to an amped
function when needed).
Wayne.
On Wed, 2010-02-03 at 09:42 -0800, Runstein, Robert E. (Contr) (IS)
wrote:
> Thanks, Geert.
>
> Next issue is connecting machine to machine with 2 way SSL. I have two
> problems:
>
> First, in the development environment my destination server
> certificates do not match the server host name. How can I tell
> MarkLogic to ignore hostname verification ? I’d rather not create
> self-signed certificates for each developer’s workstation acting as a
> server.
>
> Second, I see where I pass the client cert in PEM format into the
> options node as well as the cert password. I’m thinking that I could
> just save the cert as a text document in the database and read that in
> as needed. Does that seem reasonable or is there a better way to do
> that (note that it will always be the same certificate for my
> application).
>
> Bob
>
> >Hi Robert,
>
> >You need to encode the params into key-value pairs into the data
> element of the options, and specify url-encoded content type. That
> should do the trick:
>
> >xdmp:http-post("http://localhost:8888/test/show-request.xqy";,
> <options xmlns="xdmp:http"><headers>
> <Content-type>application/x-www-form-urlencoded</Content-type>
>
> </headers><data>foo=bar</data></options>)
>
> >Kind regards,
>
> >Geert
>
> _____________________________________________
> From: Runstein, Robert E. (Contr) (IS)
> Sent: Tuesday, February 02, 2010 2:01 PM
> To: 'General Mark Logic Developer Discussion'
> Subject: Sending parameters with xdmp:http-post
>
> I have an external service that requires two named parameters via HTTP
> POST. I have sample code from the service provider for sending the
> parameters from Java, but as my processing is all in XQuery, I’d
> prefer to use xdmp:http-post.
>
> I see the examples for xdmp:http-post where an XML or SOAP document
> can be posted, but how do I specify the named parameters required by
> the service? Do I need to create an HTML page containing a form with
> named input tags corresponding to the parameter names and pass the
> page within the options data element or is there another way?
>
> e.g.,
>
> <html>
>
> <body>
>
> <form>
>
> <input type=”text” name=”parameter1”>
>
> <input type=”text” name=”parameter2”>
>
> </form>
>
> </body>
>
> </html>
>
> Bob
>
_______________________________________________
General mailing list
[email protected]
http://xqzone.com/mailman/listinfo/general
