Hi, David, Good point! Sorry. I forgot that AbstractVerifier and its children are only looking at hostnames in the cert. The cert might still be untrusted (e.g. not signed by ca in cacerts) or expired.
yours, Julius On Jan 30, 2008 1:41 PM, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote: > > On Wed, 2008-01-30 at 12:37 -0800, David Byrne wrote: > > Julius, > > > > Thanks for replying. I saw AllowAllHostnameVerifier, but decided to write > > my own so I could report on the errors. However, this only solves part of > > my problem. Even if the verifier passes the cert along, the TrustManager > > used by SSLSocket will still throw an exception. I'm writing a null logic > > TrustManager for that. > > > > The host verification process can take place only after an SSL session > has been successfully established. So, the trust manager needs to verify > the certificate chain first. > > Oleg > > > > > Note that I might be way off on this. I'm still trying to wrap myself > > around Java's SSL implementation. > > > > Thanks, > > David > > > > -- yours, Julius Davies 250-592-2284 (Home) 250-893-4579 (Mobile) http://juliusdavies.ca/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
