I have the code below, which results in this exception:
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:101)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:381)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
What's weird is that this code works for almost all URLs (try
https://fidelity.com, for example) but a few do not work. We've narrowed it
down to this simple change in Apache:
# Works
SSLProtocol -ALL +SSLv3 +TLSv1
# Doesn't work
SSLProtocol -ALL +SSLv3
Any idea how I could support these kinds of SSL setups while still supporting
all other major sites (fidelity.com, twitter.com, etc.)? My goal is pretty much
just to accept all SSL certs, and my TrustingSSLSocketFactory gets me 99% there,
but I'd like to be 100% there. Any tips?
Patrick
====================
import java.security.KeyStore;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpParams;

public class TrustingClient {
    public static void main(String[] args) throws Exception {
        String url = "https://www.razoo.com/login";
        HttpParams params = new BasicHttpParams();
        SchemeRegistry schemeRegistry = new SchemeRegistry();
        // This empty trust store is never handed to anything below; the
        // TrustingSSLSocketFactory installs its own accept-everything TrustManager.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        SSLSocketFactory sslSocketFactory = new TrustingSSLSocketFactory();
        // With the trust-all manager plus this verifier, nothing about the peer is checked.
        sslSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        schemeRegistry.register(new Scheme("https", sslSocketFactory, 443));
        schemeRegistry.register(new Scheme("http", new PlainSocketFactory(), 80));
        DefaultHttpClient client = new DefaultHttpClient(new SingleClientConnManager(params, schemeRegistry), params);
        HttpGet get = new HttpGet(url);
        HttpResponse resp = client.execute(get);
        System.out.println(resp.getStatusLine().getStatusCode());
    }
}
====================
import java.io.IOException;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;

/** HttpClient socket factory that accepts every server certificate (no authentication at all). */
public class TrustingSSLSocketFactory extends SSLSocketFactory {
    private static SSLContext sslContext;

    public TrustingSSLSocketFactory() {
        super(sslContext);
    }

    static {
        try {
            // On Sun's JSSE an "SSLv3" context also supports TLSv1; see createSocket() below.
            sslContext = SSLContext.getInstance("SSLv3");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Algorithm not found! Critical SSL error!", e);
        }
        // Trust manager that never rejects a chain: every cert, expired, self-signed or
        // forged by an on-path attacker, passes.
        TrustManager easyTrustManager = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                // Oh, I am easy!
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                // Oh, I am easy!
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // Empty array rather than null: some callers iterate over this without a null check.
                return new X509Certificate[0];
            }
        };
        try {
            sslContext.init(null, new TrustManager[] { easyTrustManager }, null);
        } catch (KeyManagementException e) {
            throw new RuntimeException("Unexpected key management error", e);
        }
    }

    @Override
    public Socket createSocket() throws IOException {
        // HttpClient 4.0 connectSocket() obtains the unconnected socket here, so the
        // protocol restriction applies to the handshake that follows.
        SSLSocket socket = (SSLSocket) super.createSocket();
        socket.setEnabledProtocols(new String[] { "SSLv3", "TLSv1" });
        return socket;
    }
}
====================
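Added example, not part of Patrick's post and not HttpClient code: a stand-alone JSSE probe that does what `AbstractVerifier.verify` does in the stack trace above, but forces the handshake explicitly so the real failure surfaces. In the JDK 6 JSSE shown in the trace, `SSLSocket.getSession()` runs the handshake implicitly and, if it fails, returns an invalid placeholder session instead of throwing; calling `getPeerCertificates()` on that session throws the `peer not authenticated` seen above. That is why the error shows up in the hostname verifier even with `ALLOW_ALL_HOSTNAME_VERIFIER`: `AbstractVerifier` fetches the peer chain before it delegates to the allow-all check, so the exception masks the underlying handshake failure. The same exception is raised, legitimately, when the server negotiates an anonymous cipher suite and there is no chain at all. The probe reports the negotiated protocol, the cipher suite and whether a chain was presented, for both protocol sets from the post. The `trustAllContext` mirrors the easyTrustManager for diagnosis only; `pinnedContext` is the alternative to trusting everything: it trusts exactly the certificate you expect, read from a file path given on the command line (an assumed argument), and keeps hostname verification on. The host `www.razoo.com` is from the post; port 443 and the `SslProbe` class name are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SslProbe {

    /** Diagnostic only: accepts any chain, like the easyTrustManager in the post. Never ship this. */
    static SSLContext trustAllContext() throws Exception {
        TrustManager acceptAll = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { acceptAll }, null);
        return ctx;
    }

    /** Hardened alternative: trust exactly one certificate (PEM or DER file at certPath, an assumed path). */
    static SSLContext pinnedContext(String certPath) throws Exception {
        Certificate pinned;
        try (InputStream in = new FileInputStream(certPath)) {
            pinned = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                      // empty in-memory store ...
        ks.setCertificateEntry("pinned", pinned); // ... holding only the expected certificate
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Connects, forces the handshake, and reports what AbstractVerifier would have seen. */
    static void probe(SSLContext ctx, String host, int port, String[] protocols, boolean verifyHost)
            throws IOException {
        System.out.println("== " + host + ":" + port + " protocols="
                + (protocols == null ? "JDK default" : String.join(",", protocols)));
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            if (protocols != null) {
                sock.setEnabledProtocols(protocols);
            }
            if (verifyHost) {
                // JSSE does not check the hostname unless asked; HttpClient does it in its verifier.
                SSLParameters p = sock.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS");
                sock.setSSLParameters(p);
            }
            sock.startHandshake(); // explicit: a failure throws here instead of being swallowed by getSession()
            SSLSession session = sock.getSession();
            System.out.println("negotiated " + session.getProtocol() + " / " + session.getCipherSuite());
            try {
                Certificate[] chain = session.getPeerCertificates();
                System.out.println("peer chain length " + chain.length + ", leaf: "
                        + ((X509Certificate) chain[0]).getSubjectX500Principal());
            } catch (SSLPeerUnverifiedException e) {
                // Same exception as in the stack trace: the session carries no peer chain
                // (anonymous cipher suite, or a placeholder session after a failed handshake).
                System.out.println("no peer certificates: " + e.getMessage());
            }
        } catch (SSLHandshakeException e) {
            System.out.println("handshake failed: " + e.getMessage());
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "www.razoo.com"; // host from the post, port assumed
        SSLContext diag = trustAllContext();
        // The two server-side SSLProtocol settings from the post, as seen from the client side.
        probe(diag, host, 443, new String[] { "SSLv3", "TLSv1" }, false);
        probe(diag, host, 443, new String[] { "SSLv3" }, false);
        // On JDKs that list SSLv3 in jdk.tls.disabledAlgorithms the SSLv3-only probe fails
        // locally with "No appropriate protocol"; that is the client refusing, not the server.
        if (args.length > 1) { // optional second argument: path to the server's certificate
            probe(pinnedContext(args[1]), host, 443, null, true);
        }
    }
}
```

If the SSLv3-only probe prints `handshake failed`, the HttpClient exception is the masked form of that failure and no trust manager change will help; if it prints a negotiated SSLv3 suite but `no peer certificates`, the server chose an anonymous suite and the fix is on the cipher-suite side. For the production client, the HttpClient 4.0 constructor `new SSLSocketFactory(KeyStore truststore)` takes a store like the one `pinnedContext` builds, which gets to the same place without any accept-everything code.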
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]