Yes.
Thank you very much to all who helped me.
The following constructor is depricated.
Do we have an alternative for this? Please let me know if there is any..
Protocol trustHttps = new Protocol("https", f, 443);
Thanks,
Arun Kumar Dubagunta
> -----Original Message-----
> From: Julius Davies [SMTP:[EMAIL PROTECTED]
> Sent: Wednesday, December 06, 2006 3:21 PM
> To: HttpClient User Discussion
> Subject: Re: how to treat the unknown certificate as trusted one
>
> Out of curiosity, are you on an IBM 1.4 JVM? I've had problems getting the
> server's certificate chain on IBM 1.4 when the server's certificate chain
> isn't exactly perfect (e.g. has some stray certificates that don't belong to
> the chain). IBM 1.5 (aka 5.0) seems to be fine.
>
> Temporary fix:
>
> HttpSecureProtocol f = *new* HttpSecureProtocol();
> f.setCheckHostname( false );
>
>
> yours,
>
> Julius
>
>
>
> On 12/6/06, Arunkumar Dubagunta <[EMAIL PROTECTED]> wrote:
> >
> >
> > When I tried to send a request to a https URL in the local network using
> > not-yet-commons-ssl.jar, I'm getting the following error.
> >
> > Am I missing something?
> >
> > Exception in thread "main" java.lang.NullPointerException
> > at org.apache.commons.ssl.Java14.retrieveClientAuth(Java14.java
> > :94)
> > at org.apache.commons.ssl.JavaImpl.getPeerCertificates(
> > JavaImpl.java:252)
> > at org.apache.commons.ssl.Util.verifyHostName(Util.java:244)
> > at org.apache.commons.ssl.SSL.doPostConnectSocketStuff(SSL.java
> > :432)
> > at org.apache.commons.ssl.SSL.createSocket(SSL.java:503)
> > at org.apache.commons.ssl.SSLClient.createSocket(SSLClient.java
> > :242)
> >
> >
> > Thanks,
> > Arun Kumar Dubagunta
> > > -----Original Message-----
> > > From: Julius Davies [SMTP:[EMAIL PROTECTED]
> > > Sent: Wednesday, December 06, 2006 10:44 AM
> > > To: HttpClient User Discussion
> > > Subject: Re: how to treat the unknown certificate as trusted one
> > >
> > > Here's the fast answer:
> > >
> > > Protocol myhttps = new Protocol("https",new
> > EasySSLProtocolSocketFactory(),
> > > 443);
> > > Protocol.registerProtocol( "https", myhttps );
> > >
> > >
> > > I'm cutting & pasting an email I wrote 2 days ago to httpclient-user.
> > >
> > > You have several options:
> > >
> > > 1. Import self-signed cert into Java's "cacerts" file.
> > >
> > -------------------------------------------------------------------------
> > > You can use "openssl s_client" or "not-yet-commons-ssl.jar Ping" to
> > > download the self-signed certificate. Cut & paste the Base64 PEM text
> > > into a separate file (be sure to include the ----BEGIN----- and
> > > -----END-----). Try and import it into Java's "cacerts" file. It's
> > > usually found here:
> > >
> > > $JAVA_HOME/jre/lib/security/cacerts
> > >
> > > Here's the command to import a Base64 PEM certificate into that file:
> > >
> > > cd $JAVA_HOME/jre/lib/security
> > > $JAVA_HOME/bin/keytool -import -file [file.pem] -keystore cacerts
> > >
> > > The password is usually "changeit" (unless you changed it? ROTFL).
> > >
> > > Personally, I don't really recommend this approach. But it's good to
> > > know about. If you ever upgrade your JVM or switch to JRockit or IBM,
> > > you're going to have to do this all over again.
> > >
> > >
> > > 2. Use EasySSLSockeyProtocolFactory
> > >
> > -------------------------------------------------------------------------
> > > http://jakarta.apache.org/commons/httpclient/sslguide.html
> > >
> > > This is a great approach for a dev environment, but it's usually not
> > > appropriate for a production environment.
> > >
> > >
> > > 3. Use AuthSSLSockeyProtocolFactory
> > >
> > -------------------------------------------------------------------------
> > > Set the client JKS to null. Set the trust JKS to a brand new JKS you
> > > created only containing the server's self-signed certificate.>
> > >
> > >
> > > 4. You can also try the ALPHA "not-yet-commons-ssl.jar"
> > >
> > -------------------------------------------------------------------------
> > > I think this is an interesting approach:
> > >
> > > http://juliusdavies.ca/commons-ssl/TrustExample.java.html
> > >
> > > It's kind of a hybrid approach of #1 and #2. Essentially equivalent
> > > to #3, but without the hassle of creating a JKS file. (Java Keystore
> > > File).
> > >
> > >
> > -------------------------------------------------------------------------
> > >
> > > Security note: downloading the certificate directly from the SSL
> > > handshake using "openssl s_client" or "not-yet-commons-ssl.jar" is not
> > > safe. In a dev environment it's okay. But in a production
> > > environment it leaves you suspectible to the oft-cited
> > > man-in-the-middle. It's safer than EasySSLSockeyProtocolFactory
> > > because you only download the certificate one time, whereas
> > > EasySSLSockeyProtocolFactory is always vulnerable, with every socket
> > > created. But nonetheless you should try to acquire the self-signed
> > > certificate through a different medium, maybe email (with
> > > encryption?), fax, telephone, letter mail, usb-drive, etc. Or if the
> > > self-signed cert is hosted on an properly signed "https" site, that's
> > > also okay (e.g. https://trustedsite.com/path/to/self-signed.pem).>
> > >
> > >
> > >
> > >
> > > On 12/6/06, Arunkumar Dubagunta <[EMAIL PROTECTED]> wrote:
> > > >
> > > >
> > > >
> > > > I need to make a call to an external URLs and post the data.
> > > >
> > > > Anybody has a solution for this.
> > > >
> > > > Any inputs will be greatly helpful. Thanks in advance.
> > > >
> > > > Thanks,
> > > > Arun Kumar Dubagunta
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Roland Weber [SMTP:[EMAIL PROTECTED]
> > > > > Sent: Wednesday, December 06, 2006 1:48 AM
> > > > > To: HttpClient User Discussion
> > > > > Subject: Re: how to treat the unknown certificate as trusted
> > one
> > > > >
> > > > > Hello,
> > > > >
> > > > > > Protocol myhttps = new Protocol("https",new
> > > > > > EasySSLProtocolSocketFactory(), 443);
> > > > > > httpClient.getHostConfiguration().setHost("xxx.xxx.com", 443,
> > > > > myhttps);
> > > > > > int responseCode = httpClient.executeMethod(postMethod);
> > > > >
> > > > > This will only work if you are using _relative_ URLs like
> > > > > "/" or "/index.html". Register your protocol as the default
> > > > > handler for https, as described in the SSL guide.
> > > > >
> > > > > hope that helps,
> > > > > Roland
> > > > >
> > > > > << File: SMIME.txt >>
> > > >
> > > >
> > > >
> > > > -----------------------------------------
> > > > This e-mail, including attachments, may include confidential and/or
> > > > proprietary information, and may be used only by the person or
> > > > entity to which it is addressed. If the reader of this e-mail is
> > > > not the intended recipient or his or her authorized agent, the
> > > > reader is hereby notified that any dissemination, distribution or
> > > > copying of this e-mail is prohibited. If you have received this
> > > > e-mail in error, please notify the sender by replying to this
> > > > message and delete this e-mail immediately.
> > > >
> > > >
> > >
> > >
> > > --
> > > yours,
> > >
> > > Julius Davies
> > > 416-652-0183
> > > http://juliusdavies.ca/
> >
> >
>
>
> --
> yours,
>
> Julius Davies
> 416-652-0183
> http://juliusdavies.ca/
