When I tried to send a request to an https URL in the local network using
not-yet-commons-ssl.jar, I got the following error.
Am I missing something?
Exception in thread "main" java.lang.NullPointerException
at org.apache.commons.ssl.Java14.retrieveClientAuth(Java14.java:94)
at org.apache.commons.ssl.JavaImpl.getPeerCertificates(JavaImpl.java:252)
at org.apache.commons.ssl.Util.verifyHostName(Util.java:244)
at org.apache.commons.ssl.SSL.doPostConnectSocketStuff(SSL.java:432)
at org.apache.commons.ssl.SSL.createSocket(SSL.java:503)
at org.apache.commons.ssl.SSLClient.createSocket(SSLClient.java:242)
Thanks,
Arun Kumar Dubagunta
> -----Original Message-----
> From: Julius Davies [SMTP:[EMAIL PROTECTED]
> Sent: Wednesday, December 06, 2006 10:44 AM
> To: HttpClient User Discussion
> Subject: Re: how to treat the unknown certificate as trusted one
>
> Here's the fast answer:
>
> Protocol myhttps = new Protocol("https",new EasySSLProtocolSocketFactory(),
> 443);
> Protocol.registerProtocol( "https", myhttps );
>
>
> I'm cutting & pasting an email I wrote 2 days ago to httpclient-user.
>
> You have several options:
>
> 1. Import self-signed cert into Java's "cacerts" file.
> -------------------------------------------------------------------------
> You can use "openssl s_client" or "not-yet-commons-ssl.jar Ping" to
> download the self-signed certificate. Cut & paste the Base64 PEM text
> into a separate file (be sure to include the ----BEGIN----- and
> -----END-----). Try and import it into Java's "cacerts" file. It's
> usually found here:
>
> $JAVA_HOME/jre/lib/security/cacerts
>
> Here's the command to import a Base64 PEM certificate into that file:
>
> cd $JAVA_HOME/jre/lib/security
> $JAVA_HOME/bin/keytool -import -file [file.pem] -keystore cacerts
>
> The password is usually "changeit" (unless you changed it? ROTFL).
>
> Personally, I don't really recommend this approach. But it's good to
> know about. If you ever upgrade your JVM or switch to JRockit or IBM,
> you're going to have to do this all over again.
>
>
> 2. Use EasySSLProtocolSocketFactory
> -------------------------------------------------------------------------
> http://jakarta.apache.org/commons/httpclient/sslguide.html
>
> This is a great approach for a dev environment, but it's usually not
> appropriate for a production environment.
>
>
> 3. Use AuthSSLProtocolSocketFactory
> -------------------------------------------------------------------------
> Set the client JKS to null. Set the trust JKS to a brand new JKS you
> created only containing the server's self-signed certificate.
>
>
> 4. You can also try the ALPHA "not-yet-commons-ssl.jar"
> -------------------------------------------------------------------------
> I think this is an interesting approach:
>
> http://juliusdavies.ca/commons-ssl/TrustExample.java.html
>
> It's kind of a hybrid approach of #1 and #2. Essentially equivalent
> to #3, but without the hassle of creating a JKS file. (Java Keystore
> File).
>
> -------------------------------------------------------------------------
>
> Security note: downloading the certificate directly from the SSL
> handshake using "openssl s_client" or "not-yet-commons-ssl.jar" is not
> safe. In a dev environment it's okay. But in a production
> environment it leaves you susceptible to the oft-cited
> man-in-the-middle. It's safer than EasySSLProtocolSocketFactory
> because you only download the certificate one time, whereas
> EasySSLProtocolSocketFactory is always vulnerable, with every socket
> created. But nonetheless you should try to acquire the self-signed
> certificate through a different medium, maybe email (with
> encryption?), fax, telephone, letter mail, usb-drive, etc. Or if the
> self-signed cert is hosted on a properly signed "https" site, that's
> also okay (e.g. https://trustedsite.com/path/to/self-signed.pem).
>
>
>
>
> On 12/6/06, Arunkumar Dubagunta <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> > I need to make a call to external URLs and post the data.
> >
> > Does anybody have a solution for this?
> >
> > Any inputs will be greatly helpful. Thanks in advance.
> >
> > Thanks,
> > Arun Kumar Dubagunta
> >
> >
> > > -----Original Message-----
> > > From: Roland Weber [SMTP:[EMAIL PROTECTED]
> > > Sent: Wednesday, December 06, 2006 1:48 AM
> > > To: HttpClient User Discussion
> > > Subject: Re: how to treat the unknown certificate as trusted one
> > >
> > > Hello,
> > >
> > > > Protocol myhttps = new Protocol("https",
> > > >     new EasySSLProtocolSocketFactory(), 443);
> > > > httpClient.getHostConfiguration().setHost("xxx.xxx.com", 443, myhttps);
> > > > int responseCode = httpClient.executeMethod(postMethod);
> > >
> > > This will only work if you are using _relative_ URLs like
> > > "/" or "/index.html". Register your protocol as the default
> > > handler for https, as described in the SSL guide.
> > >
> > > hope that helps,
> > > Roland
> > >
>
>
> --
> yours,
>
> Julius Davies
> 416-652-0183
> http://juliusdavies.ca/