Where is the fact that you've OK'd a certificate stored in your system, and
with what criteria? That is, is the cert supposed to be trusted on a per-MAC
basis?

In general, what you'd need in this situation sounds like it could be quite
complex -- basically an HttpFetcher implementation that mirrors this trust
policy.

--j

On Wed, Jul 6, 2011 at 2:08 PM, Eric Woods <[email protected]> wrote:

> Fellow Shindig Developers,
>
> I have a tough question regarding certificates.  We have a server set up
> that requires the acceptance of a certificate to access a URL which the
> server hosts.  If I access the URL via a web browser, the browser prompts
> the user to trust the certificate (i.e. add an exception for the certificate
> in Firefox) prior to using the service.  Once I trust the certificate, all
> is well.  From a Shindig/gadget perspective, however, we don't have a pretty
> UI to prompt the user to accept the certificate.  We request the URL within
> a gadget using osapi.http.get() as follows:
>
>        var params = {
>          "href": "https://myhost.com/irequireacertificate",
>          "headers": {
>            "Authorization": ["Basic xYz123"],
>            "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20100101 Firefox/5.0"],
>            "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,application/json"],
>            "Accept-Encoding": ["gzip, deflate"],
>            "Accept-Charset": ["ISO-8859-1,utf-8;q=0.7,*;q=0.7"]
>          }
>        };
>        osapi.http.get(params).execute(function(resp) {
>          console.log(resp);
>        });
>
> Invoking the request throws the following exception from BasicHttpFetcher:
>
> Caused by: org.apache.shindig.gadgets.GadgetException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>        at org.apache.shindig.gadgets.http.BasicHttpFetcher.fetch(BasicHttpFetcher.java:389)
>        at org.apache.shindig.gadgets.http.DefaultRequestPipeline.execute(DefaultRequestPipeline.java:104)
>        at org.apache.shindig.gadgets.servlet.HttpRequestHandler.execute(HttpRequestHandler.java:231)
>        ... 33 more
>
> I suspect (and a quick Google search agrees) that this is likely because
> the server requires a certificate to be trusted, but Shindig's
> BasicHttpFetcher is unable to handle this challenge, so things blow up.
>  What type of strategy should we use for gadgets handling certificates?  I
> don't have enough expertise with SSL certificates for a credible
> recommendation.
>
> Thanks!
> - Eric W.
