Hi Vasile, Thanks, I saw the error "main, RECV SSLv3 ALERT: fatal, bad_record_mac", and read http://old.nabble.com/Fwd%3A-Httpclient-sslv3---bad_record_mac-error-tt21999553.html#a22000148
Another question, is there is way to automatically detect the server SSL version. Because I see the default enabled protocols are "SSLv2Hello", "SSLv3", and "TLSv1". But restricting to SSLv3 will not make the code generic for all websites. Is there any better way other than restricting the version to SSLv3? Ahmed ________________________________ From: Vasile Alin <[email protected]> To: HttpClient User Discussion <[email protected]>; Ahmed Ashour <[email protected]> Sent: Tuesday, September 6, 2011 12:31 PM Subject: Re: Some websites: SSLPeerUnverifiedException: peer not authenticated Enabling the SSL debug may help to find the root cause: for example: System.setProperty("javax.net.debug", "all"); On 6 September 2011 11:56, Ahmed Ashour <[email protected]> wrote: > Dear all, > > I know this is a common question, but the below answer doesn't work for all > the websites (e.g. https://tradingpartners.comcast.com/PortOut/) > > On trying to specify custom TrustMangaer, it works for many websites, but not > all. > > The below code gives "javax.net.ssl.SSLPeerUnverifiedException: peer not > authenticated" > > Appreciate your help. > > ------------------------------------------------- > HttpClient client = new DefaultHttpClient(); > final SSLContext sslContext = SSLContext.getInstance("SSL"); > sslContext.init(null, new TrustManager[] {new X509TrustManager(){ > > public void checkClientTrusted(X509Certificate[] arg0, > String arg1) throws CertificateException { > } > > public void checkServerTrusted(X509Certificate[] arg0, > String arg1) throws CertificateException { > } > > public X509Certificate[] getAcceptedIssuers() { > return new X509Certificate[0]; > } > > }}, null); > final SSLSocketFactory factory = new SSLSocketFactory(sslContext, > new AllowAllHostnameVerifier()); > final Scheme https = new Scheme("https", 443, factory); > > final SchemeRegistry schemeRegistry = > client.getConnectionManager().getSchemeRegistry(); > schemeRegistry.register(https); > > HttpGet get = new > HttpGet("https://tradingpartners.comcast.com/PortOut/";); > client.execute(get); --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
