was this message mean for someone else?
On 6/3/07, Roland Weber <[EMAIL PROTECTED]> wrote:
Hello Thomas,
thanks for sharing this information.
> But in the code there is (EasyX509TrustManager.java):
>
> if ((certificates != null) && (certificates.length == 1)) {
> certificates[0].checkValidity();
> } else {
> standardTrustManager.checkServerTrusted(certificates,authType);
> }
>
> If you self-sign the certificate this is ok, but if you use certificates
> from e.g. cacert.org you'll still get errors because there are 2
> certificates to validate
The EasyX509TrustManager is specifically meant to be used in
test and development environments, that is with self-signed
toy certificates. If you have real certificates, you should
use a real trust manager instead of EasyXTM. Take a look at
AuthSSLX509TrustManager, it does loop over certificates:
http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java?view=markup
cheers,
Roland
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
