Scott - Please help - The trust-all does not work as Apache SOAP overrides the SSLContext I am setting up. Hence by the time the SOAP call is made the new TrustManager has been initialized and hence my "trust all doesn't work". My plain HTTPS calls go fine (trust all works with HttpsURLConnection calls) but Apache SOAP calls fail as my TRUST ALL is not taking effect.
Is there a setting in Apache SOAP or any ENV setting by which I could tell Apache SOAP to "trust all"? Please help.

Regards
Madhukar

-----Original Message-----
From: Sinha, Madhukar [IT]
Sent: Thursday, June 10, 2004 10:25 AM
To: [EMAIL PROTECTED]
Subject: RE: apache 2.3.1 and SSL

Daniel / group

I am using JSSE 1.0.2 and am using a TrustManager to trust all certs but I am still getting "Could not find trusted cert in chain." Looks like JSSE is still trying to trust my certificate (which on our server is a dummy expired cert from Verisign... for now). I saw somewhere on the internet that it could be a bug in JSSE when used with JRE 1.3.1. Please let me know if this is true and/or if there is any way round it.

I am using the following code to trust all -

##############################
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol"); //FOR JSSE 1.0.3
System.setProperty("java.protocol.handler.pkgs","javax.net.ssl");
/*
Provider [] provs = Security.getProviders();
for (int i = 0 ; i < provs.length; i++) {
    System.out.println("");
    System.out.println(provs[i].getName());
    System.out.println(provs[i].getInfo());
    provs[i].list(System.out);
}
*/
//
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
        public boolean isServerTrusted(java.security.cert.X509Certificate[] certs){
            return true;
        }
        public boolean isClientTrusted(java.security.cert.X509Certificate[] certs){
            return true;
        }
    }
};

// to Install the all-trusting trust manager
try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
    e.printStackTrace();
}

//followed by SOAP calls.
URL url = null;
url = new URL(endpoint);
Call call = new Call();
SOAPHTTPConnection shc = new SOAPHTTPConnection ();
shc.setMaintainSession (true);
shc.setCookieHeader(smCookies);
call.setSOAPTransport (shc);
call.setSOAPMappingRegistry(smr);
call.setTargetObjectURI(targetObjURI);
call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC);
call.setMethodName("construct_query");
call.setParams(params);
Response resp = call.invoke ( url, "" );
###########################################################

ALSO attached is the DEBUG TRACE when I have SSL DEBUG turned on for the JRUN JVM

<file attached>

Any help will be really useful.

thanks
MS

-----Original Message-----
From: Daniel Zhang [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 03, 2004 2:04 PM
To: [EMAIL PROTECTED]
Subject: Re: apache 2.3.1 and SSL

A good reference page for Tomcat -
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

Sun's JSSE page for J2SDK 1.2.x and 1.3.x -
http://java.sun.com/products/jsse/index-103.html

A page for JRUN -
http://teaching.cs.uml.edu/~heines/tools/JRun4/docs/html/Programmers_Guide/wssecurity4.html

You need SSL certificates, say from Verisign, Thawte or whatever (for testing, you can make self-signed certificates). You have to put certificates into keystores (or programmatically get that). Also you need to configure your servers. Finally change SOAP calls from HTTP to HTTPS.

Daniel

Sinha, Madhukar [IT] wrote:

> I have JSSE 1.0.2, does Apache SOAP have a minimum requirement of
> JSSE 1.0.3? We are using J2SE 1.3.0 here
>
> thanks
> madhukar
>
>
> -----Original Message-----
> *From:* Sinha, Madhukar [IT]
> *Sent:* Thursday, June 03, 2004 1:38 PM
> *To:* [EMAIL PROTECTED]
> *Subject:* apache 2.3.1 and SSL
>
> Hello
>
> I have SOAP webservices running under JRUN. Our server is moving
> to SSL. I understand that no changes need to be done on server side.
>
> but if I have Java WEBservice clients - can someone suggest me
> examples or how/what change will be needed. I saw that we need
> JSSE 1.2.1 or higher. Please help with some information.
>
> Please help
>
> Thanks
> MS