Ya, I considered doing this as well, but I thought there had to be a "default" way of doing this. It seems like this is something that every X509TrustManager would want to do. Not sure why Sun's implementation wouldn't do it.
On Wed, Jul 8, 2009 at 6:18 PM, Viktor Balazs <[email protected]> wrote:

> Hi,
>
> I'm using my own implementation of the X509TrustManager interface.
>
> When I create a new SSLContext for Mina's SslFilter I can use my trust
> manager:
>
> public SslFilter createClientFilter() throws Exception {
>     SslFilter result = null;
>
>     SSLContext sslContext = SSLContext.getInstance("TLS");
>     sslContext.init(null, new TrustManager[] { new MyTrustManagerImpl() }, null);
>
>     result = new SslFilter(sslContext);
>     result.setUseClientMode(true);
>
>     return result;
> }
>
> 2009/7/8 Shaun Senecal <[email protected]>:
> > I am using MINA 1.1.7 to implement a custom service using TLS and a custom
> > protocol. I have everything working in that communication is encrypted,
> > however, there doesn't seem to be any host name verification. i.e., the URL I
> > am using to connect to the server does NOT match the CN of the certificate
> > that the server returns and no exception is thrown. Is there a way to
> > enable this verification? Is this something I need to implement myself?
> >
> > It looks like JSSE does not provide this functionality at the SSL level, but
> > provides it at the HttpsURLConnection level. I guess this means I need to
> > implement it myself, but I don't see where I can inject this verification
> > code since I need access to the server certificate as well as the URL. Any
> > ideas?
