On Mon, 2007-07-02 at 11:52 +0530, Dhanushka Amarakoon wrote:
> Hi
>
> I did what you suggested but I am unable to still obtain the result that I
> require.
>
> Can anyone please tell me a way to dynamically change the truststore used.
> It doesn't have to be something related to AuthSSLProtocolSocketFactory. Any
> way to do it would be fine.
>
> I need to
> 1. Execute a HTTP get command
> 2. Check the truststore for any valid certificates.
> 3. If the truststore doesn't have the valid certificate obtain it from the
> end server and store it in the truststore.
> 4. reexecute the HTTP get command. Have to make sure that the truststore
> used is the newly updated truststore.
>
> I am able to do steps 1-3 successfully.
> But I am not able to reexecute the HTTP command again successfully as it
> still only obtains certificates from the old truststore not the new updated
> one.
>

If the trust store changes, you need to make sure the SSLContext instance
used to create SSL sockets gets reinitialized (recreated using the new
trust store).

Hope this helps

Oleg

> BTW
> Thanks go out to Roland for helping me out.
>
> Regards
>
> Dhanushka Amrakoon
>
>
> -----Original Message-----
> From: Roland Weber [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 29, 2007 10:49 PM
> To: HttpClient User Discussion
> Subject: Re: HTTPS Certification problem
>
> Hello Dhanushka,
>
> > while (retry <= retryCount) {
> >
> > try {
> >
> > Protocol authhttps = new Protocol("https",
> > new AuthSSLProtocolSocketFactory(
> > new URL(
> >
> > "file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),
>
> That is a really strange format for a URL. I would have used
> file:///e:/Dhanushka/Connectors/AptiloConnector_new/my.keyStore
> Anyway, if it works.
>
> > "112233",
> > new URL(
> >
> > "file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),
> > "112233"), 443);
> > // httpclient.getHostConfiguration().setHost("localhost", 443,
> > authhttps);
> > Protocol.registerProtocol("https", authhttps);
>
> It is a rather bad idea to register the protocol in a loop.
> And it may not work as expected, depending on how the
> AuthSSLProtocolSocketFactory relates to SSL contexts.
> I can't tell you details, because I don't know them.
> But this _feels_ all wrong.
> Use one single AuthSSLProtocolSocketFactory. Modify the
> code of that factory so you can update the key store at
> runtime. Test and debug until you are sure that the new
> key store content is picked up at runtime.
> Then verify that the initial key store is read from the
> file referenced above. Afterwards, verify that updates
> to the key store are written to that very file. And make
> sure that the writing succeeds and is not prevented by
> some spurious file locks because a file is not properly
> closed or some such interference.
>
> good luck,
> Roland

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
