-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrei,
On 9/10/2010 4:05 AM, Andrei Lunjov wrote: > Hi Jos, > > I just try to do: > > <map:generate src="https://asite.with.invalid.cert/some/resource"/> > > And sun.net.www.protocol.https.HttpsURLConnectionImpl if I remember > right throws an exception. > Cert is invalid, so adding it trust store is questionable. > I'd like to ignore the cert check at all, something like this: > http://www.exampledepot.com/egs/javax.net.ssl/TrustAll.html > And it's a big question for me what would be a best way add this > modification, preferably so I can switch cert check on and off for > different resources. The code below will disable SSL checking for /all/ resources, and can easily be put into a ServletContextListener in order to modify the SSL cert checking behavior for a webapp at startup (that is, it's relatively easy to just slap this into an existing Cocoon installation). public static void disableSSLCertificateChecking() throws NoSuchAlgorithmException, KeyManagementException { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }; SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); } As I mentioned, this won't help with the resource-specific connections. The code above could be adapted to work inside a generator in order to exempt that single resource from SSL certificate checking. Maybe I'll take a look at the Cocoon code and propose a patch if it's useful. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyKdiYACgkQ9CaO5/Lv0PAiWQCcCKh0Y03+D8DOhetTpe2Dh/I+ s10Anj8vsvxh9/lzCQTmGimQOU925yhS =kADE -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org