Hello!

For a web service client (over HTTPS), the certificate sent by the server has the wrong "name", but it has a good "alternative name".

I got javax.net.ssl.SSLHandshakeException: SSLHandshakeException.

I have very basic conduit settings:

    <http:conduit name="url*">
        <http:tlsClientParameters>
            <sec:keyManagers keyPassword="">
                <sec:keyStore password="" resource="" type="JKS"/>
            </sec:keyManagers>
            <sec:trustManagers>
                <sec:keyStore password="" resource="" type="JKS"/>
            </sec:trustManagers>
            <sec:cipherSuitesFilter>
                <!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key exchange as this is vulnerable to man-in-the-middle attacks -->
                <sec:include>.*_EXPORT_.*</sec:include>
                <sec:include>.*_EXPORT1024_.*</sec:include>
                <sec:include>.*_WITH_DES_.*</sec:include>
                <sec:include>.*_WITH_AES_.*</sec:include>
                <sec:include>.*_WITH_NULL_.*</sec:include>
                <sec:exclude>.*_DH_anon_.*</sec:exclude>
            </sec:cipherSuitesFilter>
        </http:tlsClientParameters>
    </http:conduit>

(With other HTTPS endpoints it's working.)

How can I set it up to check the "alternative name" too, and not only the "name"?


Thanks

Csaba
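
How a host name is compared against a certificate's subject CN and subjectAltName entries under RFC 6125-style rules, as an added example that is not part of the original message and is not the verifier used by CXF or the JDK. The class name, host names and sample values are constructed; the SAN input uses the [type, value] shape returned by `X509Certificate.getSubjectAlternativeNames()`.

```java
import java.util.Collection;
import java.util.List;
import java.util.Locale;

public class SanCheck {
    // GeneralName tags from RFC 5280, as reported by getSubjectAlternativeNames()
    static final int DNS_NAME = 2, IP_ADDRESS = 7;

    /** Explains which certificate name, if any, matches the host being contacted. */
    static String explain(String host, String cn, Collection<List<?>> sans) {
        boolean sawDnsName = false;
        if (sans != null) {
            for (List<?> entry : sans) {
                int type = (Integer) entry.get(0);
                String value = String.valueOf(entry.get(1));
                if (type == DNS_NAME) {
                    sawDnsName = true;
                    if (matchesDns(host, value)) return "match: SAN dNSName " + value;
                } else if (type == IP_ADDRESS && host.equals(value)) {
                    // Plain string comparison; IPv6 would need normalising first.
                    return "match: SAN iPAddress " + value;
                }
            }
        }
        // RFC 6125: once dNSName entries exist, the subject CN is not a fallback.
        if (sawDnsName) return "no match: SAN dNSName entries present, CN ignored";
        if (cn != null && matchesDns(host, cn)) return "match: subject CN " + cn;
        return "no match";
    }

    /** Case-insensitive comparison; "*." covers exactly one left-most label. */
    static boolean matchesDns(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return h.equals(p);
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(p.substring(1));
    }

    public static void main(String[] args) {
        // Constructed sample: CN differs from the service name, SAN carries it.
        String cn = "internal-host-01";
        Collection<List<?>> sans = List.<List<?>>of(
                List.of(DNS_NAME, "ws.example.test"),
                List.of(DNS_NAME, "*.svc.example.test"),
                List.of(IP_ADDRESS, "192.0.2.10"));
        for (String host : List.of("ws.example.test", "a.svc.example.test",
                "a.b.svc.example.test", "internal-host-01", "192.0.2.10")) {
            System.out.println(host + " -> " + explain(host, cn, sans));
        }
    }
}
```

The host name passed to `explain` must be the one in the endpoint URL the client actually uses, since that is what a verifier compares against the certificate.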

