Actually, that won't work. The TrustDecider stuff is there to thwart
fishing attacks -- and in particular, to provide assurance that no
request is made out of a particular proxy without satisfying certain
criteria (e.g., that the connection is SSL-protected).
I think what you really want is to configure your HTTPS client to use
an anonymous cipher suite, though SSL without authentication is
essentially equivalent to using no SSL at all. Presumably, you're
only aiming at "checkbox security" if you don't really care about
trust, so go for it.
-Fred
On Sep 9, 2008, at 9:04 AM, Glen Mazza wrote:
rafik777 wrote:
I want to configure in cxf.xml (client configuration) which will
allow to
make an HttpsURLConnection to any host, without requiring valid
certs,
etc.
I read smth about TrustManager and TrustDecider but I don't know
how can I
use them.
Could you help me, please.
If you know how to search source code from your IDE I would download
the CXF
source and search on TrustDecider within source files--we most
probably have
a test case someplace that you can use to create a TrustDecider that
allows
everything.
Glen
--
View this message in context:
http://www.nabble.com/SSL---trust-everybody-tp19390650p19391908.html
Sent from the cxf-user mailing list archive at Nabble.com.
