Step 1: Create your own host verifier that will accept anything. Mine looks like this:

    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLSession;

    // Accepts every hostname without checking it against the certificate.
    class NullHostnameVerifier implements javax.net.ssl.HostnameVerifier {
        public boolean verify(String urlHostname, SSLSession session) {
            return true;
        }
    }

Step 2: Before using HTTPS, set your null verifier as the default:

    HttpsURLConnection.setDefaultHostnameVerifier(new NullHostnameVerifier());

When I did this, it would accept any certificate without caring if it was trusted or not. I only needed it for a test implementation -- the live version checks.
On 6/1/05, Melean, Calixto (Calixto) <[EMAIL PROTECTED]> wrote:
Folks,
Could anybody please help me with the following problem? I am desperate for help as I can't get this to work.
I don't know if the problem is server or client. Does anybody know how to configure Axis to send HTTPS to servers without using authentication/certificates?
The web service is using gsoap. The client is using Java Apache Axis. The client is trying to use SSL (HTTPS).
I don't want any authentication/certificates. I only need encryption.
In the server I am doing:
soap_ssl_server_context( soap, SOAP_SSL_DEFAULT, NULL, NULL, NULL, NULL, NULL, NULL, NULL )
The error printed by gsoap is:
SOAP FAULT: SOAP-ENV:Server. SSL_ERROR_SSL error:1408A0C1:SSL routines:SSL routines:reason(193). SSL_accept() failed in soap_ssl_accept()
The error on the Axis side is:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
---------------------
Now, I tried setting the soap context using the included server.pem (though I don't think I need this). And this is what happens:
soap_ssl_server_context( soap, SOAP_SSL_DEFAULT, "server.pem", "password", NULL, NULL, NULL, NULL, NULL )
Error on gsoap side:
SOAP FAULT: SOAP-ENV:Server. SSL_ERROR_SSL error:14094416:SSL routines:SSL routines:reason(1046). SSL_accept() failed in soap_ssl_accept()
Error on Axis side:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
The errors are different. Again, the goal is to have encryption with no authentication. Does anybody know how to get this going?
I appreciate any help
thanks
--
It used to be that machines automated work, giving us more time to do other things. But now machines automate the production of attention-consuming information, which takes our time. For example, if one person sends the same e-mail message to 10 people, then 10 people have to respond.
Esther Dyson