Unfortunately, the commons-http client used by servicemix-http can not be easily configured if you use the standalone mode. This could be done if you embed servicemix in a web app or a java app though, as there is a property on the HttpComponent class itself that you could use to inject an aready configured client pool. I guess we could add the possibility to inject such a client at the endpoint level, which would solve your problem I guess (or maybe add a property on the servicemix-http configuration). Please raise a JIRA and provide a patch if you are willing to do so.
On Tue, Sep 9, 2008 at 3:10 PM, Andrey Kopachevsky <[EMAIL PROTECTED]> wrote: > To understand this term meaning see comment from one Apache Common Http > Client sources (the class name is > StrictSSLProtocolSocketFactory > http://www.devdaily.com/java/jwarehouse/commons-httpclient-2.0/src/contrib/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.shtml) > > Here it: > > > /** > * Set the host name verification flag. > * > * @param verifyHostname The host name verification flag. If set to > * <code>true</code> the SSL sessions server host name will be compared > * to the host name returned in the server certificates "Common Name" > * field of the "SubjectDN" entry. If these names do not match a > * Exception is thrown to indicate this. Enabling host name verification > * will help to prevent from man-in-the-middle attacks. If set to > * <code>false</code> host name verification is turned off. > */ > > So this is not enabled in servicemix http binding by default and no > properties to activate it. > In our experiments this feature does not work. > >> You mean like when you use SSH ? I'm not sure exactly how this mechanism >> work. >> But you can configure a trust store which is used to verify the key of >> the server or client. >> You can't specifically check for hostname verification, but if the >> server has a key associated to itself and if the trustore is >> configured, in effect, you end up with host verification I suppose. >> > > > -- Cheers, Guillaume Nodet ------------------------ Blog: http://gnodet.blogspot.com/
