John, Here's some code you can use that bypasses all certificate validation. :)
SSLSocketFactory sslFactory = new DummySSLSocketFactory(); Socket socket = (SSLSocket)sslFactory.createSocket(host, port); The implementation of DummySSLSocketFactory is below. It's pretty easy to modify the classes so that they don't require a root CA, but still require a non-expired certificate. Regards, Matt ------------------------------- private static class DummySSLSocketFactory extends SSLSocketFactory { private SSLSocketFactory factory; public DummySSLSocketFactory() { try { SSLContext sslcontent = SSLContext.getInstance("TLS"); sslcontent.init(null, // KeyManager not required new TrustManager[] { new DummyTrustManager() }, new java.security.SecureRandom()); factory = sslcontent.getSocketFactory(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } } public static SocketFactory getDefault() { return new DummySSLSocketFactory(); } public Socket createSocket(Socket socket, String s, int i, boolean flag) throws IOException { return factory.createSocket(socket, s, i, flag); } public Socket createSocket(InetAddress inaddr, int i, InetAddress inaddr2, int j) throws IOException { return factory.createSocket(inaddr, i, inaddr2, j); } public Socket createSocket(InetAddress inaddr, int i) throws IOException { return factory.createSocket(inaddr, i); } public Socket createSocket(String s, int i, InetAddress inaddr, int j) throws IOException { return factory.createSocket(s, i, inaddr, j); } public Socket createSocket(String s, int i) throws IOException { return factory.createSocket(s, i); } public String[] getDefaultCipherSuites() { return factory.getSupportedCipherSuites(); } public String[] getSupportedCipherSuites() { return factory.getSupportedCipherSuites(); } } /** * Trust manager which accepts certificates without any validation * except date validation. */ private static class DummyTrustManager implements X509TrustManager { public void checkClientTrusted(X509Certificate[] chain, String authType) { } public void checkServerTrusted(X509Certificate[] chain, String authType) { try { chain[0].checkValidity(); } catch (CertificateExpiredException e) { } catch (CertificateNotYetValidException e) { } } public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } } > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > Behalf Of John Goalby > Sent: Saturday, October 12, 2002 7:22 PM > To: [EMAIL PROTECTED] > Subject: Re: [JDEV] SSL with Jabber > > > Thanks! I am trying to use the native Java SSL support in > 1.4.1 and having > a problem. > > I am trying to connect to the jabber.org server on port 5223. > > I get a certificate_unknown error. I haven't imported the > certificate from > jabber.org as I cannot find it. Should I be able to download > this and > import it by hand? > > Or should there be someway to import it automatically? > > I assume I am having problems due to the jabber.org cert not > being trusted > by a CA. > > Any help would be appreciated. > > Thanks! > > John. > > >There is nothing special about it. > >5223 is the standard ssl port. It is plain SSL/TLS on server > side based > >on i.e. OpenSSL. Java's native SSL or PureTLS will work fine. > > > >I can't remember if jabber.org supports SSL, but jabber.com propably > >will. > > > >ulrich > > > >John Goalby wrote: > > > > > > I am looking to write a Jabber client in Java and would like to > > > support > >the > > > SSL connection. > > > > > > Is there somewhere I can look for more information on how to do > > > this? > > > > > > Is there anything specific to Jabber, or is it some kind > of standard > > > SSL connection. > > > > > > Can anyone point to some sample code for this? > > > > > > Any help appreciated. > > > > > > Thanks in advance! > > > > > > John. > > > > > > _________________________________________________________________ > > > Chat with friends online, try MSN Messenger: > > > http://messenger.msn.com > > > > > > _______________________________________________ > > > jdev mailing list > > > [EMAIL PROTECTED] > > > http://mailman.jabber.org/listinfo/jdev > >_______________________________________________ > >jdev mailing list > >[EMAIL PROTECTED] > >http://mailman.jabber.org/listinfo/jdev > > > > > _________________________________________________________________ > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > _______________________________________________ > jdev mailing list > [EMAIL PROTECTED] > http://mailman.jabber.org/listinfo/jdev > _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev