Good digging! It sounds like what you've done should work.
Try adding this jvm arg too to see if that sheds any light on what's
going on.
-Djavax.net.debug=ssl
Failing that, write a class that extends
org.apache.http.conn.ssl.AllowAllHostnameVerifier. In it, override the
verify method calling super.verify() but also adding in some logging to
verify it's being called.
Andy
On 13/09/2013 04:57, galvanash wrote:
After some digging I found there was already a built in verifier class
for doing this, so I tried this too, but it didn't work either:
*-Dcom.naryx.cfm.http.X509HostnameVerifier=org.apache.http.conn.ssl.AllowAllHostnameVerifier*
And the bluedragon.log shows no error, it loads it fine:
*Using alternative CFHTTP hostname verifier:
org.apache.http.conn.ssl.AllowAllHostnameVerifier*
But it still doesn't work...
*Connect Exception: hostname in certificate didn't match*
On Thursday, September 12, 2013 9:56:02 PM UTC-5, Alan Williamson wrote:
Did that not work?
-Dcom.naryx.cfm.http.X509HostnameVerifier=yourname.domain.com
On 12/09/2013 21:46, galvanash wrote:
So another developer team at my company is developing a REST web
service in .NET and we need to do testing with it in OpenBD.
Having played with it in a browser I am fairly certain using it
from OpenBD will be trivial, but we have a problem when it comes
to actually testing it...
The test server is set up using a self-signed certificate. No
problem I figured, been there, done that. I added the cert to our
keystore thinking that would take care of everything - nope...
Turns out the certificate is set up for a different hostname (from
another site on that box), but we can't use that hostname because
they are using host headers to direct the traffic to the test web
service. They can't or won't change it - they don't understand
the issue since they can deal with it just fine on their end
(ugghhhh)...
So long story short, I started digging into how to get
OpenBD/Java to ignore hostname mismatches. I came across this in
the source code for OpenBD (cfHttpConnection.java)
    if (System.getProperty("com.naryx.cfm.http.X509HostnameVerifier") != null) {
        String hostnameVerifier = System.getProperty("com.naryx.cfm.http.X509HostnameVerifier");
        cfEngine.log("-] Using alternative CFHTTP hostname verifier: " + hostnameVerifier);
        hostVerifier = (X509HostnameVerifier) Class.forName(hostnameVerifier).newInstance();
    }
I never saw this feature before and I can't find documentation
for it anywhere. My question I guess is does anyone know how to
get this to work? I tried creating a class implementing
X509HostnameVerifier and I put the class file for it in
/WEB-INF/classes - then I set the
com.naryx.cfm.http.X509HostnameVerfier property to the name of
the class in my server startup - but it doesn't seem to do
anything at all.
Is this worth bothering with? Is there another way to get CFHTTP
to ignore hostname mismatches? I have already been down the road
of trying to implement a Java agent to set the default
HostnameVerifier, but that doesn't seem to work either...
galvanash
--
--
online documentation: http://openbd.org/manual/
http://groups.google.com/group/openbd?hl=en
---
You received this message because you are subscribed to the Google
Groups "Open BlueDragon" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
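
Added example, not part of the original thread or of OpenBD: a narrower variant of the logging verifier Andy describes, which logs every call and tolerates a name mismatch only for one named test host, applying normal verification to everything else. The class name and the `test.mismatch.host` system property are hypothetical; it assumes the HttpClient 4.x `org.apache.http.conn.ssl` classes named in the thread are on the classpath.

```java
import java.util.Arrays;
import javax.net.ssl.SSLException;
import org.apache.http.conn.ssl.AbstractVerifier;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/**
 * Hypothetical verifier for a test environment. OpenBD instantiates the class
 * named in -Dcom.naryx.cfm.http.X509HostnameVerifier via
 * Class.forName(...).newInstance(), so it needs a public no-arg constructor.
 */
public class LoggingTestHostVerifier extends AbstractVerifier {

    // Assumed property name (not an OpenBD setting): the single host whose
    // certificate name mismatch is tolerated.
    private final String allowedHost = System.getProperty("test.mismatch.host", "");

    // Normal verification, applied to every other host.
    private final X509HostnameVerifier standard = new BrowserCompatHostnameVerifier();

    public LoggingTestHostVerifier() { }

    // AbstractVerifier routes its other verify(...) overloads here.
    @Override
    public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
        System.err.println("[LoggingTestHostVerifier] host=" + host
                + " cns=" + Arrays.toString(cns)
                + " subjectAlts=" + Arrays.toString(subjectAlts));

        if (!allowedHost.isEmpty() && allowedHost.equalsIgnoreCase(host)) {
            System.err.println("[LoggingTestHostVerifier] mismatch tolerated for " + host);
            return;
        }
        standard.verify(host, cns, subjectAlts); // throws SSLException on mismatch
    }

    @Override
    public String toString() {
        return "LOGGING_TEST_HOST";
    }
}
```

If the log lines never appear during a CFHTTP call, the configured verifier is not the one the connection is using, which is the condition Andy's logging suggestion is meant to reveal.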