Hi Dumindu,

So is it hard to provide such an option (turn on/off validation)? I think this limitation really restricts axis2/c's usage under SSL. In my case, I would like to access salesforce web service using a WSDL referred to by the URL:
https://na2.salesforce.com/services/wsdl/metadata

All I know is this URL, and I don't know the CA certificate and server cert, and I am not sure if they have one. I also have no way to know their server host and port, so I won't be able to get their cert using the openSSL commands listed in the axis2/c manual. Any workarounds?

Thanks!
Vivian

>Hi Vivian,
>Please find my comment inline:
>
>On Wed, Oct 29, 2008 at 11:44 PM, Vivian Wang <[EMAIL PROTECTED]> wrote:
>
>> So is there an option in axis2/c that I can turn off the certificate
>> validation?
>
>No we don't support that at the moment.
>
>> I think this is important because from a client point of view, lots of
>> times when I want to access a web service under SSL using https://.. I
>> know that is the site I want to go.
>
>Yes web browsers do support that, but in reality you don't know if
>that truly is the site that you want to access, if you don't have the
>server's certificate beforehand. (someone can spoof dns and appear
>themselves as https://foo.com). Yes I have neglected well-known
>Certificate Authorities for simplicity. If you trust the CA that issued the
>server cert, all you need is the CA's certificate.
>
>> And just like you said, browsers will ask you if you want to trust the site
>> and I can say yes or no. It would also be very inconvenient for a client to
>> have to get the certificate from a service provider (they may not give you).
>
>Anyway, if it is only for testing, what you can do is to follow the Axis2/C
>manual and retrieve the server cert from the server. [1] (refer to
>sec. 13.1.2 Configuration). Well you can do this even if it was not for
>testing, but it is not recommended to do so.
>
>Thanks,
>Dumindu.
>
>[1] http://ws.apache.org/axis2/c/docs/axis2c_manual.html#ssl_client
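
Added example, not part of the original thread or of the Axis2/C manual: the host and port that the openssl commands need can be read from the WSDL URL itself (an `https://` URL with no explicit port means 443), and the issuer of the certificate the server presents names the CA whose certificate the client has to trust. The function names and the default output file name are assumptions made for this sketch.

```shell
#!/bin/sh
# Print "host:port" for an http(s) URL; the port defaults to 443 for https.
url_to_hostport() {
    url=$1
    case $url in
        https://*) rest=${url#https://}; default_port=443 ;;
        http://*)  rest=${url#http://};  default_port=80 ;;
        *) echo "unsupported URL: $url" >&2; return 1 ;;
    esac
    authority=${rest%%[/?#]*}      # drop path, query and fragment
    authority=${authority##*@}     # drop any userinfo
    case $authority in
        \[*\]:*) host=${authority%:*};  port=${authority##*:} ;;  # [v6]:port
        \[*\])   host=$authority;       port=$default_port ;;     # [v6]
        *:*)     host=${authority%%:*}; port=${authority##*:} ;;
        *)       host=$authority;       port=$default_port ;;
    esac
    [ -n "$host" ] || { echo "no host in URL: $url" >&2; return 1; }
    printf '%s:%s\n' "$host" "$port"
}

# Save the chain the server presents as PEM, then print the leaf certificate's
# subject, issuer, expiry and SHA-256 fingerprint for review.
# Needs network access and the openssl command-line tool.
fetch_chain() {
    hostport=$(url_to_hostport "$1") || return 1
    out=${2:-server-chain.pem}     # assumed default file name
    openssl s_client -connect "$hostport" -servername "${hostport%:*}" \
        -showcerts </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' >"$out"
    [ -s "$out" ] || { echo "no certificate received from $hostport" >&2; return 1; }
    openssl x509 -in "$out" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Usage (not run automatically because it contacts the server):
#   fetch_chain https://na2.salesforce.com/services/wsdl/metadata
```

A certificate fetched this way is only as trustworthy as the connection it came over, so compare the printed fingerprint or issuer against a source obtained independently before configuring it as trusted.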