DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26451>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26451 URL.openConnection() returns sun class with JDK 1.4.2_03 Summary: URL.openConnection() returns sun class with JDK 1.4.2_03 Product: Tomcat 5 Version: 5.0.18 Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Normal Priority: Other Component: Servlet & JSP API AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Please HEAR ME OUT and read this entire description... Sun stated all classes and interfaces from com.sun.ssl have been moved to javax.net.ssl, as of JDK 1.4 (see http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#comToj avax). Of course I can't find the link now, but I saw a post from a Tomcat contributor saying that Tomcat used the sun implementation until I believe version 4.1.x, but that it was definitely fixed in 5.x. So, here I am with J2SDK 1.4.2_03 and Tomcat 5.0.18, and even without toying with the system property java.protocol.handler.pkgs, I receive sun.net.www.protocol.https.HttpsURLConnectionImpl from a java.net.URL.openConnection() method. And, would you know, adding System.setProperty ("java.protocol.handler.pkgs", "javax.net.ssl"); doesn't do a darn thing.... Granted it's not a big deal because sun.net.www.protocol.https.HttpsURLConnectionImpl can be cast to javax.net.ssl.HttpsURLConnection. However, it's still not *right* (at least Sun says so). Here's some sample code to reproduce. The error handling has been removed for simplicity: //sample accepts all certs.. javax.net.ssl.TrustManager[] trustCAISOcerts = new javax.net.ssl.TrustManager[] { new javax.net.ssl.X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { } } }; //normally declare as a javax.net.ssl.HttpsURLConnection //but for example sake, making a general object java.lang.Object exampleConnectionAsObject = null; java.net.URL exampleURL = new java.net.URL ("https://www.chainedssl.com/test/chainedssl.html";); System.out.println(" Java VM version: " + System.getProperty ("java.vm.version")); System.setProperty("java.protocol.handler.pkgs", "javax.net.ssl"); javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL"); System.out.println("Default Provider: " + sc.getProvider().toString()); sc.init(null, trustCAISOcerts, new java.security.SecureRandom()); javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory ()); exampleConnectionAsObject = exampleURL.openConnection(); System.out.print(" Class returned by URL.openConnection(): "); System.out.println(exampleConnectionAsObject.getClass().getName() + "\n"); --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
