On Thu, 2007-07-05 at 08:28 +0530, Dhanushka Amarakoon wrote:
> Hi
>
> I believe that I also tried what you suggested earlier. I reinitialized the
> keyStore just before executing the httpGet method. But it still doesn't
> work.

You mean the trust store, don't you? As I said, just creating a new trust
store is not enough. You have to create a new SSLContext using that new
trust store. Essentially that means you have to create a new instance of
the AuthSSLProtocolSocketFactory.

Oleg

> Can you please provide me with the necessary steps as to how to achieve what
> I require.
>
>
> Regards
>
> Dhanushka Amrakoon
>
>
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 04, 2007 5:16 PM
> To: HttpClient User Discussion
> Subject: RE: HTTPS Certification problem
>
> On Mon, 2007-07-02 at 11:52 +0530, Dhanushka Amarakoon wrote:
> > Hi
> >
> > I did what you suggested but I am unable to still obtain the result that I
> > require.
> >
> > Can anyone please tell me a way to dynamically change the truststore used.
> > It doesn't have to be something related to AuthSSLProtocolSocketFactory. Any
> > way to do it would be fine.
> >
> > I need to
> > 1. Execute a HTTP get command
> > 2. Check the truststore for any valid certificates.
> > 3. If the truststore doesn't have the valid certificate obtain it from the
> >    end server and store it in the truststore.
> > 4. Reexecute the HTTP get command. Have to make sure that the truststore
> >    used is the newly updated truststore.
> >
> > I am able to do steps 1-3 successfully.
> > But I am not able to reexecute the HTTP command again successfully as it
> > still only obtains certificates from the old truststore not the new updated
> > one.
> >
>
> If the trust store changes, you need to make sure the SSLContext
> instance used to create SSL sockets gets reinitialized (recreated using
> the new trust store).
>
> Hope this helps
>
> Oleg
>
> > BTW
> > Thanks go out to Roland for helping me out.
> >
> > Regards
> >
> > Dhanushka Amrakoon
> >
> >
> > -----Original Message-----
> > From: Roland Weber [mailto:[EMAIL PROTECTED]
> > Sent: Friday, June 29, 2007 10:49 PM
> > To: HttpClient User Discussion
> > Subject: Re: HTTPS Certification problem
> >
> > Hello Dhanushka,
> >
> > > while (retry <= retryCount) {
> > >
> > >     try {
> > >
> > >         Protocol authhttps = new Protocol("https",
> > >             new AuthSSLProtocolSocketFactory(
> > >                 new URL(
> > >                     "file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),
> >
> > That is a really strange format for a URL. I would have used
> > file:///e:/Dhanushka/Connectors/AptiloConnector_new/my.keyStore
> > Anyway, if it works.
> >
> > >                 "112233",
> > >                 new URL(
> > >                     "file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),
> > >                 "112233"), 443);
> > >         // httpclient.getHostConfiguration().setHost("localhost", 443, authhttps);
> > >         Protocol.registerProtocol("https", authhttps);
> >
> > It is a rather bad idea to register the protocol in a loop.
> > And it may not work as expected, depending on how the
> > AuthSSLProtocolSocketFactory relates to SSL contexts.
> > I can't tell you details, because I don't know them.
> > But this _feels_ all wrong.
> > Use one single AuthSSLProtocolSocketFactory. Modify the
> > code of that factory so you can update the key store at
> > runtime. Test and debug until you are sure that the new
> > key store content is picked up at runtime.
> > Then verify that the initial key store is read from the
> > file referenced above. Afterwards, verify that updates
> > to the key store are written to that very file. And make
> > sure that the writing succeeds and is not prevented by
> > some spurious file locks because a file is not properly
> > closed or some such interference.
> >
> > good luck,
> >   Roland
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
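
Added example, not part of the original thread and not HttpClient code: one way to get a trust store update picked up at runtime, using only JSSE classes. Instead of building a new socket factory, it keeps a single SSLContext whose trust manager delegates to an inner X509TrustManager that is rebuilt on reload. The class name ReloadableTrustManager is hypothetical, the empty in-memory store is constructed sample input, and the JDK default trust store stands in for the updated file.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper: a trust manager whose backing trust store can be swapped at runtime.
public class ReloadableTrustManager implements X509TrustManager {
    private volatile X509TrustManager delegate;

    public ReloadableTrustManager(KeyStore trustStore) throws Exception { reload(trustStore); }

    // Build a fresh delegate from the updated trust store; handshakes started later use it.
    public final void reload(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore); // null means the JDK default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                delegate = (X509TrustManager) tm;
                return;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    public static void main(String[] args) throws Exception {
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null); // constructed sample input: empty in-memory trust store
        ReloadableTrustManager tm = new ReloadableTrustManager(empty);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null); // one context, created once
        System.out.println("issuers before reload: " + tm.getAcceptedIssuers().length);
        tm.reload(null); // stands in for re-reading the updated trust store file
        System.out.println("issuers after reload:  " + tm.getAcceptedIssuers().length);
    }
}
```

Connections that are already open and cached TLS sessions are not re-validated after reload(), so close pooled connections when a certificate has been removed from the store.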
