On Fri, 2010-10-29 at 09:55 +0200, Gerhard Sinne wrote:
> Hi Oleg,
> thanks for taking the time.
>  
> > Gerhard
> > There's nothing wrong with the code. Your expectations as to what
> > TrustSelfSignedStrategy is meant to do do seem wrong, though.
> 
> Sorry, cannot follow. What do you mean?
> 

Self-signed != signed by one's own CA

> So the code is correct. Now what else is wrong?
> 
> From the API I read: ( 
> http://hc.apache.org/httpcomponents-client-dev/httpclient/apidocs/org/apache/http/conn/ssl/TrustSelfSignedStrategy.html
> ) 
> "A trust strategy that accepts self-signed certificates as trusted. 
> Verification of all other certificates is done by the trust manager 
> configured in the SSL context. "
> 
> My https-server has a self-signed certificate. My expectation is that
> with this TrustSelfSignedStrategy() any certificate (including
> self-signed) is trusted and
> the connection to my https-server is granted.
> 

Your expectation is wrong. TrustSelfSignedStrategy clears as trusted
only certificates that are self-signed (that is, there is only one
certificate in the certificate chain). In all other cases the
certificate chain will be verified against trust material specified in
the SSL context.

If you want to treat all certificates as trusted you will have to
implement a custom TrustStrategy.

Oleg


> 
> Best regards
> Gerd
> 
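
The distinction drawn in this thread (self-signed versus signed by one's own CA), as an added example that is not code from the thread or from HttpClient: a JDK-only check of whether a server's certificate file is a single self-signed certificate, and, when it was issued by a separate CA, an SSLContext that trusts only that CA instead of every certificate. The class name `ChainCheck` and both file arguments are hypothetical; wiring the context into HttpClient is left out.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example; class name and file arguments are hypothetical.
public class ChainCheck {
    // Load every certificate from a PEM or DER file, in file order.
    static List<X509Certificate> load(String path) throws Exception {
        List<X509Certificate> out = new ArrayList<>();
        try (InputStream in = new FileInputStream(path)) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                out.add((X509Certificate) c);
        }
        return out;
    }

    // Self-signed: subject equals issuer and the signature verifies with the certificate's own key.
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) return false;
        try { cert.verify(cert.getPublicKey()); return true; }
        catch (Exception e) { return false; }
    }

    // Build an SSLContext whose only trust anchors are the supplied CA certificates.
    static SSLContext contextTrusting(List<X509Certificate> cas) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store
        for (X509Certificate ca : cas) ks.setCertificateEntry("ca-" + ks.size(), ca);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        List<X509Certificate> chain = load(args[0]); // server chain, leaf first (hypothetical file)
        boolean selfSigned = chain.size() == 1 && isSelfSigned(chain.get(0));
        System.out.println(selfSigned ? "self-signed" : "issued by " + chain.get(0).getIssuerX500Principal());
        if (!selfSigned && args.length > 1)
            System.out.println("context for own CA: " + contextTrusting(load(args[1])).getProtocol());
    }
}
```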


