Hi,
I'm using my own implementation of the X509TrustManager interface.
When I create a new SSLContext for Mina's SslFilter I can use my trust manager:
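
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import org.apache.mina.filter.ssl.SslFilter;

    public SslFilter createClientFilter() throws Exception {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // No client key material (null), custom trust manager, default SecureRandom (null).
        sslContext.init(null, new TrustManager[] { new MyTrustManagerImpl() }, null);
        SslFilter result = new SslFilter(sslContext);
        result.setUseClientMode(true); // this side initiates the handshake
        return result;
    }
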
2009/7/8 Shaun Senecal <[email protected]>:
> I am using MINA 1.1.7 to implement a custom service using TLS and a custom
> protocol. I have everything working in that communication is encrypted,
> however, there doesn't seem to be any host name verification. i.e., the URL I
> am using to connect to the server does NOT match the CN of the certificate
> that the server returns and no exception is thrown. Is there a way to
> enable this verification? Is this something I need to implement myself?
>
> It looks like JSSE does not provide this functionality at the SSL level, but
> provides it at the HttpsURLConnection level. I guess this means I need to
> implement it myself, but I don't see where I can inject this verification
> code since I need access to the server certificate as well as the URL. Any
> ideas?
>