After some digging I found there was already a built-in verifier class for doing this, so I tried this too, but it didn't work either:

    -Dcom.naryx.cfm.http.X509HostnameVerifier=org.apache.http.conn.ssl.AllowAllHostnameVerifier

And the bluedragon.log shows no error, it loads it fine:

    Using alternative CFHTTP hostname verifier: org.apache.http.conn.ssl.AllowAllHostnameVerifier

But it still doesn't work...

    Connect Exception: hostname in certificate didn't match

On Thursday, September 12, 2013 9:56:02 PM UTC-5, Alan Williamson wrote:
>
> Did that not work?
>
> -Dcom.naryx.cfm.http.X509HostnameVerifier=yourname.domain.com
>
> On 12/09/2013 21:46, galvanash wrote:
>
> So another developer team at my company is developing a REST web service
> in .NET and we need to do testing with it in OpenBD. Having played with it
> in a browser I am fairly certain using it from OpenBD will be trivial, but
> we have a problem when it comes to actually testing it...
>
> The test server is set up using a self-signed certificate. No problem I
> figured, been there, done that. I added the cert to our keystore thinking
> that would take care of everything - nope... Turns out the certificate is
> set up for a different hostname (from another site on that box), but we
> can't use that hostname because they are using host headers to direct the
> traffic to the test web service. They can't or won't change it - they don't
> understand the issue since they can deal with it just fine on their end
> (ugghhhh)...
>
> So long story short, I started digging into how to get OpenBD/Java to
> ignore hostname mismatches. I came across this in the source code for
> OpenBD (cfHttpConnection.java)
>
>     if ( System.getProperty( "com.naryx.cfm.http.X509HostnameVerifier" ) != null ) {
>       String hostnameVerifier = System.getProperty( "com.naryx.cfm.http.X509HostnameVerifier" );
>       cfEngine.log( "-] Using alternative CFHTTP hostname verifier: " + hostnameVerifier );
>       hostVerifier = ( X509HostnameVerifier )Class.forName( hostnameVerifier ).newInstance();
>     }
>
> I never saw this feature before and I can't find documentation for it
> anywhere. My question I guess is does anyone know how to get this to work?
> I tried creating a class implementing X509HostnameVerifier and I put the
> class file for it in /WEB-INF/classes - then I set the
> com.naryx.cfm.http.X509HostnameVerfier property to the name of the class in
> my server startup - but it doesn't seem to do anything at all.
>
> Is this worth bothering with? Is there another way to get CFHTTP to
> ignore hostname mismatches? I have already been down the road of trying to
> implement a java agent to set the default hostnameverifier, but that
> doesn't seem to work either...
>
> galvanash
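
Added example, not part of the thread and not OpenBD code: a verifier class of the kind the quoted `Class.forName( hostnameVerifier ).newInstance()` snippet could load, which maps one test host to the name its certificate actually carries and checks everything strictly, instead of accepting any name as `AllowAllHostnameVerifier` does. The class name and both hostnames are hypothetical placeholders, Apache HttpClient 4.x (the library that provides `X509HostnameVerifier`) is assumed to be on the classpath, and whether OpenBD then uses the loaded verifier for the connection is not something the thread establishes.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/** Hypothetical class: one known alias is tolerated, all other checks stay strict. */
public class TestHostAliasVerifier implements X509HostnameVerifier {

    // Placeholder values (assumptions): the host the client connects to, and
    // the name the test server's certificate was issued for.
    private static final String CONNECT_HOST = "test-api.example.internal";
    private static final String CERT_HOST = "othersite.example.internal";

    // Every decision is delegated to HttpClient's strict verifier.
    private final X509HostnameVerifier strict = new StrictHostnameVerifier();

    // Public no-arg constructor, required for Class.newInstance().
    public TestHostAliasVerifier() {
    }

    // Only the single test host is rewritten to its certificate name;
    // any other host is verified against itself.
    private static String expectedName(String host) {
        return CONNECT_HOST.equalsIgnoreCase(host) ? CERT_HOST : host;
    }

    public void verify(String host, SSLSocket ssl) throws IOException {
        strict.verify(expectedName(host), ssl);
    }

    public void verify(String host, X509Certificate cert) throws SSLException {
        strict.verify(expectedName(host), cert);
    }

    public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
        strict.verify(expectedName(host), cns, subjectAlts);
    }

    public boolean verify(String host, SSLSession session) {
        return strict.verify(expectedName(host), session);
    }
}
```

A certificate presented for the test host still has to carry the expected name and chain to a trusted entry in the keystore, so the exception stays limited to that one server.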
