Re: how to do client authentication

2007-11-30 Thread Oleg Kalnichevski

On Thu, 2007-11-29 at 19:54 -0800, Raul Acevedo wrote:
> Well I looked more carefully at Julius' example and other sample code
> and figured out my problem is I was missing the
> Protocol.registerProtocol line.
> 
> Unfortunately this sets the protocol handler globally, which is why
> Julius does a little hack of registering using "https-foo" and changing
> the URL to be "https-foo://blah".  This works but I'm not crazy about
> it.  Is there another way of setting the protocol handler for only a
> specific request?  In the end I'm trying to set the keystore per
> request, not globally.
> 

Just use a custom HostConfiguration 

http://jakarta.apache.org/httpcomponents/httpclient-3.x/apidocs/org/apache/commons/httpclient/HttpClient.html#executeMethod(org.apache.commons.httpclient.HostConfiguration,%20org.apache.commons.httpclient.HttpMethod)

Make sure you use _relative_ request URIs when passing a custom
HostConfiguration to the HttpClient.html#executeMethod.

Oleg

> Thanks,
> 
> Raul
> 
> On Thu, 2007-11-29 at 11:29 -0800, Julius Davies wrote:
> > Hi, Raul,
> > 
> > I use this technique:
> > 
> > http://www.juliusdavies.ca/commons-ssl/TrustExample.java.html
> > 
> > 
> > But I usually change the name of the scheme to something like
> > "https-foo://", so that only "https-foo://" uses the client cert, and
> > "https://" continues to behave as before.  So maybe more like this:
> > 
> > 
> > HttpSecureProtocol f = new HttpSecureProtocol();
> > 
> > // might as well trust the usual suspects:
> > f.addTrustMaterial(TrustMaterial.CACERTS);
> > 
> > // add client cert
> > char[] pwd = {'p','w','d'};
> > f.setKeyMaterial(new KeyMaterial("/path/to/file.jks", pwd));
> > 
> > Protocol clientHttps = new Protocol("https-foo", f, 443);
> > Protocol.registerProtocol("https-foo", clientHttps);
> > 
> > HttpClient client = new HttpClient();
> > GetMethod httpget = new GetMethod("https-foo://www.server.com/");
> > client.executeMethod(httpget);
> > 
> > 
> > NOTE:  This assumes not-yet-commons-ssl.jar is on your classpath, and
> > that you're using that instead of compiling the httpclient "contrib"
> > code on your own.  Not-Yet-Commons-SSL already has these in its jar
> > file:
> > 
> > AuthSSLProtocolSocketFactory
> > EasySSLProtocolSocketFactory
> > StrictSSLProtocolSocketFactory
> > 
> > 
> > Good luck!  It's been working well for me for years.
> > 
> > yours,
> > 
> > Julius
> > 
> > 
> > On Nov 29, 2007 9:47 AM, Raul Acevedo <[EMAIL PROTECTED]> wrote:
> > > I don't want to omit keystore and truststore; I'm doing bidirectional
> > > (client and server) SSL authentication, that's the whole point.
> > >
> > > Do you know why I get the SocketException?  In general, has anyone
> > > successfully done both client and server SSL authentication with
> > > HttpClient without using the javax.net.ssl.keyStore and trustStore
> > > properties?
> > >
> > > Raul
> > >
> > >
> > > On Nov 29, 2007, at 3:19 AM, Oleg Kalnichevski wrote:
> > >
> > > >
> > > > On Wed, 2007-11-28 at 20:08 -0800, Raul Acevedo wrote:
> > > >> Is there a way to do client authentication with HttpClient without
> > > >> setting javax.net.ssl.keyStore?
> > > >>
> > > >> I tried the following code after building the contrib files:
> > > >>
> > > >> HttpClient httpClient = new HttpClient();
> > > >> URL keyStoreURL = new URL("file:/home/raul/keyStore.jks");
> > > >> URL trustStoreURL = new URL("file:/home/raul/trustStore.jks");
> > > >> AuthSSLProtocolSocketFactory socketFactory =
> > > >> new AuthSSLProtocolSocketFactory(
> > > >> keyStoreURL, "keyStorePassword", trustStoreURL,
> > > >> "trustStorePassword");
> > > >> Protocol httpsProtocol = new Protocol(url.getProtocol(),
> > > >> socketFactory, url.getPort());
> > > >> httpClient.getHostConfiguration().setHost(url.getHost(),
> > > >> url.getPort(), httpsProtocol);
> > > >>
> > > >> But this fails with:
> > > >>
> > > >> java.net.SocketException: Default SSL context init failed: null
> > > >>
> > > >> Thanks,
> > > >>
> > > >> Raul Acevedo
> > > >> http://www.cantara.com
> > > >>
> > > >
> > > > Paul,
> > > >
> > > > (1) Keystore is optional. You can safely omit it.
> > > > (2) Implement a custom trust manager that trusts anything. This way
> > > > you will not need a truststore.
> > > > (3) Implement your own protocol socket factory that initializes the
> > > > SSL context with your own trust-anything trust manager. You can use
> > > > EasySSLProtocolSocketFactory as a starting point.
> > > >
> > > > Hope this helps,
> > > >
> > > > Oleg
> > > >
> > > >>
> > 
> > 
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
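The per-request approach from the reply above, as an added example that is not part of the original thread: each request gets its own HostConfiguration carrying a Protocol built from a different keystore, and nothing is registered globally. It assumes the contrib class was built into the package `org.apache.commons.httpclient.contrib.ssl`; the keystore paths, passwords and the two identities are placeholders, and the truststore is kept so the server certificate is still verified.

```java
import java.io.IOException;
import java.net.URL;

import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;

public class PerRequestClientCert {

    /** Host configuration carrying its own key and trust material. */
    static HostConfiguration hostWithIdentity(String host, int port,
            URL keyStore, String keyStorePassword,
            URL trustStore, String trustStorePassword) {
        // Typed as ProtocolSocketFactory so the non-deprecated Protocol
        // constructor is selected.
        ProtocolSocketFactory factory = new AuthSSLProtocolSocketFactory(
                keyStore, keyStorePassword, trustStore, trustStorePassword);
        // Never passed to Protocol.registerProtocol(), so the global
        // "https" handler is left untouched.
        Protocol https = new Protocol("https", factory, port);
        HostConfiguration config = new HostConfiguration();
        config.setHost(host, port, https);
        return config;
    }

    /** Runs a GET against the given host configuration; returns the status code. */
    static int get(HttpClient client, HostConfiguration config,
            String relativePath) throws IOException {
        // Relative request URI, as the reply advises: host, port and
        // protocol all come from the HostConfiguration.
        GetMethod method = new GetMethod(relativePath);
        try {
            return client.executeMethod(config, method);
        } finally {
            method.releaseConnection();
        }
    }

    public static void main(String[] args) throws IOException {
        // Placeholder paths and passwords (assumptions, not from the thread).
        URL trustStore = new URL("file:/path/to/trustStore.jks");
        HostConfiguration asAlice = hostWithIdentity("www.server.com", 443,
                new URL("file:/path/to/alice.jks"), "alicePassword",
                trustStore, "trustStorePassword");
        HostConfiguration asBob = hostWithIdentity("www.server.com", 443,
                new URL("file:/path/to/bob.jks"), "bobPassword",
                trustStore, "trustStorePassword");

        // One client, two requests, two different client certificates.
        HttpClient client = new HttpClient();
        System.out.println("alice: " + get(client, asAlice, "/"));
        System.out.println("bob:   " + get(client, asBob, "/"));
    }
}
```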





Re: how to do client authentication

2007-11-30 Thread Oleg Kalnichevski

On Thu, 2007-11-29 at 16:40 -0800, Raul Acevedo wrote:
> Hi Julius, thanks for your suggestion.  I'm a little hesitant to add a
> library from a non-Apache source. 

(1) There is enough bad code in the Apache code repository. 
(2) There are plans to bring nyc-ssl over to Apache

Oleg

>  Do you know why my original example
> would give an error, or what essentially your code does that is
> different that allows it to work?
> 
> Thanks,
> 
> Raul
> 
> On Thu, 2007-11-29 at 11:29 -0800, Julius Davies wrote:
> > Hi, Raul,
> > 
> > I use this technique:
> > 
> > http://www.juliusdavies.ca/commons-ssl/TrustExample.java.html
> > 
> > 
> > But I usually change the name of the scheme to something like
> > "https-foo://", so that only "https-foo://" uses the client cert, and
> > "https://" continues to behave as before.  So maybe more like this:
> > 
> > 
> > HttpSecureProtocol f = new HttpSecureProtocol();
> > 
> > // might as well trust the usual suspects:
> > f.addTrustMaterial(TrustMaterial.CACERTS);
> > 
> > // add client cert
> > char[] pwd = {'p','w','d'};
> > f.setKeyMaterial(new KeyMaterial("/path/to/file.jks", pwd));
> > 
> > Protocol clientHttps = new Protocol("https-foo", f, 443);
> > Protocol.registerProtocol("https-foo", clientHttps);
> > 
> > HttpClient client = new HttpClient();
> > GetMethod httpget = new GetMethod("https-foo://www.server.com/");
> > client.executeMethod(httpget);
> > 
> > 
> > NOTE:  This assumes not-yet-commons-ssl.jar is on your classpath, and
> > that you're using that instead of compiling the httpclient "contrib"
> > code on your own.  Not-Yet-Commons-SSL already has these in its jar
> > file:
> > 
> > AuthSSLProtocolSocketFactory
> > EasySSLProtocolSocketFactory
> > StrictSSLProtocolSocketFactory
> > 
> > 
> > Good luck!  It's been working well for me for years.
> > 
> > yours,
> > 
> > Julius
> > 
> > 
> > On Nov 29, 2007 9:47 AM, Raul Acevedo <[EMAIL PROTECTED]> wrote:
> > > I don't want to omit keystore and truststore; I'm doing bidirectional
> > > (client and server) SSL authentication, that's the whole point.
> > >
> > > Do you know why I get the SocketException?  In general, has anyone
> > > successfully done both client and server SSL authentication with
> > > HttpClient without using the javax.net.ssl.keyStore and trustStore
> > > properties?
> > >
> > > Raul
> > >
> > >
> > > On Nov 29, 2007, at 3:19 AM, Oleg Kalnichevski wrote:
> > >
> > > >
> > > > On Wed, 2007-11-28 at 20:08 -0800, Raul Acevedo wrote:
> > > >> Is there a way to do client authentication with HttpClient without
> > > >> setting javax.net.ssl.keyStore?
> > > >>
> > > >> I tried the following code after building the contrib files:
> > > >>
> > > >> HttpClient httpClient = new HttpClient();
> > > >> URL keyStoreURL = new URL("file:/home/raul/keyStore.jks");
> > > >> URL trustStoreURL = new URL("file:/home/raul/trustStore.jks");
> > > >> AuthSSLProtocolSocketFactory socketFactory =
> > > >> new AuthSSLProtocolSocketFactory(
> > > >> keyStoreURL, "keyStorePassword", trustStoreURL,
> > > >> "trustStorePassword");
> > > >> Protocol httpsProtocol = new Protocol(url.getProtocol(),
> > > >> socketFactory, url.getPort());
> > > >> httpClient.getHostConfiguration().setHost(url.getHost(),
> > > >> url.getPort(), httpsProtocol);
> > > >>
> > > >> But this fails with:
> > > >>
> > > >> java.net.SocketException: Default SSL context init failed: null
> > > >>
> > > >> Thanks,
> > > >>
> > > >> Raul Acevedo
> > > >> http://www.cantara.com
> > > >>
> > > >
> > > > Paul,
> > > >
> > > > (1) Keystore is optional. You can safely omit it.
> > > > (2) Implement a custom trust manager that trusts anything. This way
> > > > you will not need a truststore.
> > > > (3) Implement your own protocol socket factory that initializes the
> > > > SSL context with your own trust-anything trust manager. You can use
> > > > EasySSLProtocolSocketFactory as a starting point.
> > > >
> > > > Hope this helps,
> > > >
> > > > Oleg
> > > >
> > > >>
> > 
> > 
> 
> 
> 
> 





Re: how to do client authentication

2007-11-29 Thread Raul Acevedo
Well I looked more carefully at Julius' example and other sample code
and figured out my problem is I was missing the
Protocol.registerProtocol line.

Unfortunately this sets the protocol handler globally, which is why
Julius does a little hack of registering using "https-foo" and changing
the URL to be "https-foo://blah".  This works but I'm not crazy about
it.  Is there another way of setting the protocol handler for only a
specific request?  In the end I'm trying to set the keystore per
request, not globally.

Thanks,

Raul

On Thu, 2007-11-29 at 11:29 -0800, Julius Davies wrote:
> Hi, Raul,
> 
> I use this technique:
> 
> http://www.juliusdavies.ca/commons-ssl/TrustExample.java.html
> 
> 
> But I usually change the name of the scheme to something like
> "https-foo://", so that only "https-foo://" uses the client cert, and
> "https://" continues to behave as before.  So maybe more like this:
> 
> 
> HttpSecureProtocol f = new HttpSecureProtocol();
> 
> // might as well trust the usual suspects:
> f.addTrustMaterial(TrustMaterial.CACERTS);
> 
> // add client cert
> char[] pwd = {'p','w','d'};
> f.setKeyMaterial(new KeyMaterial("/path/to/file.jks", pwd));
> 
> Protocol clientHttps = new Protocol("https-foo", f, 443);
> Protocol.registerProtocol("https-foo", clientHttps);
> 
> HttpClient client = new HttpClient();
> GetMethod httpget = new GetMethod("https-foo://www.server.com/");
> client.executeMethod(httpget);
> 
> 
> NOTE:  This assumes not-yet-commons-ssl.jar is on your classpath, and
> that you're using that instead of compiling the httpclient "contrib"
> code on your own.  Not-Yet-Commons-SSL already has these in its jar
> file:
> 
> AuthSSLProtocolSocketFactory
> EasySSLProtocolSocketFactory
> StrictSSLProtocolSocketFactory
> 
> 
> Good luck!  It's been working well for me for years.
> 
> yours,
> 
> Julius
> 
> 
> On Nov 29, 2007 9:47 AM, Raul Acevedo <[EMAIL PROTECTED]> wrote:
> > I don't want to omit keystore and truststore; I'm doing bidirectional
> > (client and server) SSL authentication, that's the whole point.
> >
> > Do you know why I get the SocketException?  In general, has anyone
> > successfully done both client and server SSL authentication with
> > HttpClient without using the javax.net.ssl.keyStore and trustStore
> > properties?
> >
> > Raul
> >
> >
> > On Nov 29, 2007, at 3:19 AM, Oleg Kalnichevski wrote:
> >
> > >
> > > On Wed, 2007-11-28 at 20:08 -0800, Raul Acevedo wrote:
> > >> Is there a way to do client authentication with HttpClient without
> > >> setting javax.net.ssl.keyStore?
> > >>
> > >> I tried the following code after building the contrib files:
> > >>
> > >> HttpClient httpClient = new HttpClient();
> > >> URL keyStoreURL = new URL("file:/home/raul/keyStore.jks");
> > >> URL trustStoreURL = new URL("file:/home/raul/trustStore.jks");
> > >> AuthSSLProtocolSocketFactory socketFactory =
> > >> new AuthSSLProtocolSocketFactory(
> > >> keyStoreURL, "keyStorePassword", trustStoreURL,
> > >> "trustStorePassword");
> > >> Protocol httpsProtocol = new Protocol(url.getProtocol(),
> > >> socketFactory, url.getPort());
> > >> httpClient.getHostConfiguration().setHost(url.getHost(),
> > >> url.getPort(), httpsProtocol);
> > >>
> > >> But this fails with:
> > >>
> > >> java.net.SocketException: Default SSL context init failed: null
> > >>
> > >> Thanks,
> > >>
> > >> Raul Acevedo
> > >> http://www.cantara.com
> > >>
> > >
> > > Paul,
> > >
> > > (1) Keystore is optional. You can safely omit it.
> > > (2) Implement a custom trust manager that trusts anything. This way
> > > you will not need a truststore.
> > > (3) Implement your own protocol socket factory that initializes the
> > > SSL context with your own trust-anything trust manager. You can use
> > > EasySSLProtocolSocketFactory as a starting point.
> > >
> > > Hope this helps,
> > >
> > > Oleg
> > >
> > >>
> 
> 





Re: how to do client authentication

2007-11-29 Thread Raul Acevedo
Hi Julius, thanks for your suggestion.  I'm a little hesitant to add a
library from a non-Apache source.  Do you know why my original example
would give an error, or what essentially your code does that is
different that allows it to work?

Thanks,

Raul

On Thu, 2007-11-29 at 11:29 -0800, Julius Davies wrote:
> Hi, Raul,
> 
> I use this technique:
> 
> http://www.juliusdavies.ca/commons-ssl/TrustExample.java.html
> 
> 
> But I usually change the name of the scheme to something like
> "https-foo://", so that only "https-foo://" uses the client cert, and
> "https://" continues to behave as before.  So maybe more like this:
> 
> 
> HttpSecureProtocol f = new HttpSecureProtocol();
> 
> // might as well trust the usual suspects:
> f.addTrustMaterial(TrustMaterial.CACERTS);
> 
> // add client cert
> char[] pwd = {'p','w','d'};
> f.setKeyMaterial(new KeyMaterial("/path/to/file.jks", pwd));
> 
> Protocol clientHttps = new Protocol("https-foo", f, 443);
> Protocol.registerProtocol("https-foo", clientHttps);
> 
> HttpClient client = new HttpClient();
> GetMethod httpget = new GetMethod("https-foo://www.server.com/");
> client.executeMethod(httpget);
> 
> 
> NOTE:  This assumes not-yet-commons-ssl.jar is on your classpath, and
> that you're using that instead of compiling the httpclient "contrib"
> code on your own.  Not-Yet-Commons-SSL already has these in its jar
> file:
> 
> AuthSSLProtocolSocketFactory
> EasySSLProtocolSocketFactory
> StrictSSLProtocolSocketFactory
> 
> 
> Good luck!  It's been working well for me for years.
> 
> yours,
> 
> Julius
> 
> 
> On Nov 29, 2007 9:47 AM, Raul Acevedo <[EMAIL PROTECTED]> wrote:
> > I don't want to omit keystore and truststore; I'm doing bidirectional
> > (client and server) SSL authentication, that's the whole point.
> >
> > Do you know why I get the SocketException?  In general, has anyone
> > successfully done both client and server SSL authentication with
> > HttpClient without using the javax.net.ssl.keyStore and trustStore
> > properties?
> >
> > Raul
> >
> >
> > On Nov 29, 2007, at 3:19 AM, Oleg Kalnichevski wrote:
> >
> > >
> > > On Wed, 2007-11-28 at 20:08 -0800, Raul Acevedo wrote:
> > >> Is there a way to do client authentication with HttpClient without
> > >> setting javax.net.ssl.keyStore?
> > >>
> > >> I tried the following code after building the contrib files:
> > >>
> > >> HttpClient httpClient = new HttpClient();
> > >> URL keyStoreURL = new URL("file:/home/raul/keyStore.jks");
> > >> URL trustStoreURL = new URL("file:/home/raul/trustStore.jks");
> > >> AuthSSLProtocolSocketFactory socketFactory =
> > >> new AuthSSLProtocolSocketFactory(
> > >> keyStoreURL, "keyStorePassword", trustStoreURL,
> > >> "trustStorePassword");
> > >> Protocol httpsProtocol = new Protocol(url.getProtocol(),
> > >> socketFactory, url.getPort());
> > >> httpClient.getHostConfiguration().setHost(url.getHost(),
> > >> url.getPort(), httpsProtocol);
> > >>
> > >> But this fails with:
> > >>
> > >> java.net.SocketException: Default SSL context init failed: null
> > >>
> > >> Thanks,
> > >>
> > >> Raul Acevedo
> > >> http://www.cantara.com
> > >>
> > >
> > > Paul,
> > >
> > > (1) Keystore is optional. You can safely omit it.
> > > (2) Implement a custom trust manager that trusts anything. This way
> > > you will not need a truststore.
> > > (3) Implement your own protocol socket factory that initializes the
> > > SSL context with your own trust-anything trust manager. You can use
> > > EasySSLProtocolSocketFactory as a starting point.
> > >
> > > Hope this helps,
> > >
> > > Oleg
> > >
> > >>
> 
> 





Re: how to do client authentication

2007-11-29 Thread Julius Davies
Hi, Raul,

I use this technique:

http://www.juliusdavies.ca/commons-ssl/TrustExample.java.html


But I usually change the name of the scheme to something like
"https-foo://", so that only "https-foo://" uses the client cert, and
"https://" continues to behave as before.  So maybe more like this:


HttpSecureProtocol f = new HttpSecureProtocol();

// might as well trust the usual suspects:
f.addTrustMaterial(TrustMaterial.CACERTS);

// add client cert
char[] pwd = {'p','w','d'};
f.setKeyMaterial(new KeyMaterial("/path/to/file.jks", pwd));

Protocol clientHttps = new Protocol("https-foo", f, 443);
Protocol.registerProtocol("https-foo", clientHttps);

HttpClient client = new HttpClient();
GetMethod httpget = new GetMethod("https-foo://www.server.com/");
client.executeMethod(httpget);


NOTE:  This assumes not-yet-commons-ssl.jar is on your classpath, and
that you're using that instead of compiling the httpclient "contrib"
code on your own.  Not-Yet-Commons-SSL already has these in its jar
file:

AuthSSLProtocolSocketFactory
EasySSLProtocolSocketFactory
StrictSSLProtocolSocketFactory


Good luck!  It's been working well for me for years.

yours,

Julius


On Nov 29, 2007 9:47 AM, Raul Acevedo <[EMAIL PROTECTED]> wrote:
> I don't want to omit keystore and truststore; I'm doing bidirectional
> (client and server) SSL authentication, that's the whole point.
>
> Do you know why I get the SocketException?  In general, has anyone
> successfully done both client and server SSL authentication with
> HttpClient without using the javax.net.ssl.keyStore and trustStore
> properties?
>
> Raul
>
>
> On Nov 29, 2007, at 3:19 AM, Oleg Kalnichevski wrote:
>
> >
> > On Wed, 2007-11-28 at 20:08 -0800, Raul Acevedo wrote:
> >> Is there a way to do client authentication with HttpClient without
> >> setting javax.net.ssl.keyStore?
> >>
> >> I tried the following code after building the contrib files:
> >>
> >> HttpClient httpClient = new HttpClient();
> >> URL keyStoreURL = new URL("file:/home/raul/keyStore.jks");
> >> URL trustStoreURL = new URL("file:/home/raul/trustStore.jks");
> >> AuthSSLProtocolSocketFactory socketFactory =
> >> new AuthSSLProtocolSocketFactory(
> >> keyStoreURL, "keyStorePassword", trustStoreURL,
> >> "trustStorePassword");
> >> Protocol httpsProtocol = new Protocol(url.getProtocol(),
> >> socketFactory, url.getPort());
> >> httpClient.getHostConfiguration().setHost(url.getHost(),
> >> url.getPort(), httpsProtocol);
> >>
> >> But this fails with:
> >>
> >> java.net.SocketException: Default SSL context init failed: null
> >>
> >> Thanks,
> >>
> >> Raul Acevedo
> >> http://www.cantara.com
> >>
> >
> > Paul,
> >
> > (1) Keystore is optional. You can safely omit it.
> > (2) Implement a custom trust manager that trusts anything. This way
> > you will not need a truststore.
> > (3) Implement your own protocol socket factory that initializes the
> > SSL context with your own trust-anything trust manager. You can use
> > EasySSLProtocolSocketFactory as a starting point.
> >
> > Hope this helps,
> >
> > Oleg
> >
> >>


-- 
yours,

Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/




Re: how to do client authentication

2007-11-29 Thread Raul Acevedo
I don't want to omit keystore and truststore; I'm doing bidirectional  
(client and server) SSL authentication, that's the whole point.


Do you know why I get the SocketException?  In general, has anyone  
successfully done both client and server SSL authentication with  
HttpClient without using the javax.net.ssl.keyStore and trustStore  
properties?


Raul

On Nov 29, 2007, at 3:19 AM, Oleg Kalnichevski wrote:

> On Wed, 2007-11-28 at 20:08 -0800, Raul Acevedo wrote:
>> Is there a way to do client authentication with HttpClient without
>> setting javax.net.ssl.keyStore?
>>
>> I tried the following code after building the contrib files:
>>
>> HttpClient httpClient = new HttpClient();
>> URL keyStoreURL = new URL("file:/home/raul/keyStore.jks");
>> URL trustStoreURL = new URL("file:/home/raul/trustStore.jks");
>> AuthSSLProtocolSocketFactory socketFactory =
>> new AuthSSLProtocolSocketFactory(
>> keyStoreURL, "keyStorePassword", trustStoreURL,
>> "trustStorePassword");
>> Protocol httpsProtocol = new Protocol(url.getProtocol(),
>> socketFactory, url.getPort());
>> httpClient.getHostConfiguration().setHost(url.getHost(),
>> url.getPort(), httpsProtocol);
>>
>> But this fails with:
>>
>> java.net.SocketException: Default SSL context init failed: null
>>
>> Thanks,
>>
>> Raul Acevedo
>> http://www.cantara.com
>
> Paul,
>
> (1) Keystore is optional. You can safely omit it.
> (2) Implement a custom trust manager that trusts anything. This way
> you will not need a truststore.
> (3) Implement your own protocol socket factory that initializes the
> SSL context with your own trust-anything trust manager. You can use
> EasySSLProtocolSocketFactory as a starting point.
>
> Hope this helps,
>
> Oleg






Re: how to do client authentication

2007-11-29 Thread Oleg Kalnichevski

On Wed, 2007-11-28 at 20:08 -0800, Raul Acevedo wrote:
> Is there a way to do client authentication with HttpClient without
> setting javax.net.ssl.keyStore?
> 
> I tried the following code after building the contrib files:
> 
> HttpClient httpClient = new HttpClient();
> URL keyStoreURL = new URL("file:/home/raul/keyStore.jks");
> URL trustStoreURL = new URL("file:/home/raul/trustStore.jks");
> AuthSSLProtocolSocketFactory socketFactory =
> new AuthSSLProtocolSocketFactory(
> keyStoreURL, "keyStorePassword", trustStoreURL, 
> "trustStorePassword");
> Protocol httpsProtocol = new Protocol(url.getProtocol(), socketFactory, 
> url.getPort());
> httpClient.getHostConfiguration().setHost(url.getHost(), url.getPort(), 
> httpsProtocol);
> 
> But this fails with:
> 
> java.net.SocketException: Default SSL context init failed: null
> 
> Thanks,
> 
> Raul Acevedo
> http://www.cantara.com
> 

Paul,

(1) Keystore is optional. You can safely omit it.
(2) Implement a custom trust manager that trusts anything. This way you
will not need a truststore.
(3) Implement your own protocol socket factory that initializes the SSL
context with your own trust-anything trust manager. You can use
EasySSLProtocolSocketFactory as a starting point.

Hope this helps,

Oleg

> 
> 
> 
> 

