Mark Derricutt wrote: > On 2/9/06, *Hussein Shafie* <hussein at xmlmind.com > <mailto:hussein at xmlmind.com>> wrote: > > Yes, but unfortunately this is not simple because for this, you need to > configure Java, not XXE. > > > One could write a custom SSL provider which just accepts all certs, I do > this in one of my applications at work. It's just a simple wrapper that > I use for JavaMail related SSL services. Not sure if its something that > could be adapted and injected into XXE as a plugin thou. >
Thank you for this offer. In fact, XXE V2.9 had a simple server certificate manager. After understanding how server certificates really works in Java, this feature was removed in V2.9 Patch 1 because we assumed that it was not really needed. Naively, we assumed that almost all HTTPS servers use ``real certificates'' (i.e. signed by VeriSign, Thawte, Entrust, etc). If this proves not to be the case, (that is, if this becomes a FAQ), we'll reimplement a simple server certificate manager in XXE.
