Hi
So does it work if at least a single certificate is available in the store ?
If so then can you add a generated certificate into the store to get
things working ?
It appears TrustManager is not designed to work without any certificates
available given that it has methods for checking the certs and the
documentation says that IllegalArgumentException is expected if
"if null or zero-length chain is passed in for the chain parameter"
Thanks, Sergey
On 18/02/15 07:29, Khare, Aparna wrote:
Just want to add that this fails when certificate is not there in keystore my
requirement is that keystore should not have certificate and still it should
validate the SSL
Thanks,
Aparna
From: Khare, Aparna
Sent: Tuesday, February 17, 2015 5:53 PM
To: users@cxf.apache.org
Subject: Implement trust all using apache cxf
Dear Colleagues,
I'm trying to implement trust all using apach cxf
Created DefaultTrustManager class
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(final java.security.cert.X509Certificate[]
certs,
final String authType) {
}
@Override
public void checkServerTrusted(final java.security.cert.X509Certificate[]
certs,
final String authType) {
}
I have created this class implementing the x509trust manager
And then I call the trust manager using below code
TLSClientParameters tlsParams = new TLSClientParameters();
TrustManager[] trustAllCerts = new TrustManager[] { new
DefaultTrustManager() };
tlsParams.setTrustManagers(trustAllCerts);
tlsParams.setDisableCNCheck(true);
conduit.setTlsClientParameters(tlsParams);
still I get certificate validation failed.
Can someone is I have missed something
Thanks,
Aparna
