Posted to xmlrpc-dev@ws.apache.org by bu...@apache.org on 2003/08/06 17:55:36 UTC
DO NOT REPLY [Bug 22181] New: -
Add option to XmlRpcClient to ignore SSL certificate validation
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22181>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22181
Add option to XmlRpcClient to ignore SSL certificate validation
Summary: Add option to XmlRpcClient to ignore SSL certificate
validation
Product: XML-RPC
Version: 1.1
Platform: All
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Other
Component: Source
AssignedTo: rpc-dev@xml.apache.org
ReportedBy: arozeluk@compugen.com
When using XML-RPC with SSL, and the server is using a self-signed certificate
(say on a staging server), the Java net libraries throw an exception.
As a suggestion, it should be possible to add a method, something like static
setIgnoreSSLCerts(boolean) to XmlRpcClient and XmlRpcClientLite, which will
override the TrustManager for the SSL connects. Thus, the user will have the
benefit of SSL encryption, without the hassle of having to have that certificate
signed by a CA.
For example, before connect you can simply:

    javax.net.ssl.SSLSocketFactory.getDefault();
    X509TrustManager tm = new IgnoreSSLCertTrustManager();
    KeyManager[] km = null;
    TrustManager[] tma = {tm};
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init( km, tma, new java.security.SecureRandom() );
    SSLSocketFactory sf1 = sc.getSocketFactory();

... then when you get your URLConnection:

    URLConnection con = target.openConnection();
    if ( con instanceof HttpsURLConnection ){
        HttpsURLConnection secconn = (HttpsURLConnection)con;
        secconn.setSSLSocketFactory( sf1 );
    }

The IgnoreSSLCertTrustManager simply implements X509TrustManager and returns
true for both 'isClientTrusted' methods and does nothing for
'checkServerTrusted', then returns null for 'getAcceptedIssuers'.
My apologies for not submitting this as a patch, but unfortunately I don't have
those tools available to me at present.