Re: Axis Client using HTTPS w/ no authentication how?

[Don Albertson]

As a test, you might try this.  It worked for me using xml-rpc when the certificate on the host was not a trusted certificate.

Step 1  Create your own Host Verifier that will accept anything  mine looks like this:
class NullHostnameVerifier implements javax.net.ssl.HostnameVerifier {
        public boolean verify(String urlHostname, SSLSession session){
            return true;
        }
    }

Step 2   Before using https set your null verifier as the default

HttpsURLConnection.setDefaultHostnameVerifier(new NullHostnameVerifier());

When I did this, it would accept any certificate without caring if it was trusted or not.  I only needed it for a test implementation -- the live version checks.

On 6/1/05, Melean, Calixto (Calixto) <[EMAIL PROTECTED]> wrote:

Folks,

Could anybody please help me with the following problem. I am desperate for help as I can't get this to work.

I don't know if the problem is server or client. Anybody know how to configure Axis to send HTTPS to servers without using authentication/certificates.

The web service is using gsoap. The client is using java apache axis. The client is trying to use SSL(HTTPS).

I dont want want any authentication/certificates. I only need encryption.

In the server I am doing:

soap_ssl_server_context( soap, SOAP_SSL_DEFAULT, NULL, NULL, NULL, NULL, NULL, NULL, NULL )

The error printed by gsoap is:

SOAP FAULT: SOAP-ENV:Server. SSL_ERROR_SSL error:1408A0C1:SSL routines:SSL routines:reason(193). SSL_accept
() failed in soap_ssl_accept()

The error on the Axis side is:

javax.net.ssl.SSLHandshakeException: Received fatal alert:
handshake_failure

---------------------

Now, I tried setting the soap context using the included server.pem (though I dont think I need this). And this is what happens:

soap_ssl_server_context( soap, SOAP_SSL_DEFAULT, "server.pem", "password", NULL, NULL, NULL, NULL, NULL )

Error on gsoap side:

SOAP FAULT: SOAP-ENV:Server. SSL_ERROR_SSL error:14094416:SSL routines:SSL routines:reason(1046). SSL_accept
() failed in soap_ssl_accept()

Error on Axis side:

javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found


The errors are different. Again, the goal is to have encryption with no authentication. Anybody knows how to get this going.

I appreciate any help

thanks

--
It used to be that machines automated work, giving us more  time to do other things. But now machines automate the  production of attention-consuming information, which takes  our time. For example, if one person sends the same e-mail  message to 10 people, then 10 people have to respond.
Esther Dyson