Re: Trouble bypassing Trust Manager

Tue, 03 Jul 2007 10:26:03 -0700

Welcome to your worst nightmare ... This is such a ridiculous process required to make java do what you want here.

These are adaptations from some similar source to what you found that I've been using for a while:

Attachment: DummySSLSocketFactory.java
Description: Binary data


Attachment: DummyTrustManager.java
Description: Binary data


I haven't tried this for imaps, but I use it in dev for smtps with the properties:

mail.smtps.socketFactory.class=com.mdimension.util.DummySSLSocketFactory
mail.smtps.socketFactory.fallback=false

I have some vague recollection that imaps doesn't work quite the same way as this, but you can try it first.  Next would be to import the cert into a keystore.  If you don't want to import into the default, you can set the keystore to use with:

javax.net.ssl.trustStore=/path/to/your/trustStore

For getting the cert from an IMAP server, I always end up on this page:

ms

On Jul 3, 2007, at 1:17 PM, Mitch Saltykov wrote:

Hi, all, I wonder if someone has dealt with this kind of thing before:

We're setting up a WO app that would retrieve emails from an IMAPS server and process the data in those specific emails.  Trouble is, we're using a self-signed SSL certificate, and that winds me up with validation exceptions that prevent us from proceeding:

javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors;
  nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

This comes about at the connect line:
store = session.getStore(urln);
store.connect();

We tried applying the example here: http://www.exampledepot.com/egs/javax.net.ssl/TrustAll.html but couldn't figure out how to actually force the app to use that trustmanager instead of the default.  Since that solution relies on deprecated libraries anyway, I was hoping someone more in the know may be able to direct me to an up-to-date way to resolve the issue.

Thanks in advance, 

-- Mitch Saltykov
212-465-8484 x412

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:

This email sent to [EMAIL PROTECTED]

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to [EMAIL PROTECTED]

Reply via email to