Subject: Does EasySSLProtocolSocketFactory check for certificates validity?

[Clemens Eisserer <li...@gmail.com>]

Hello,

I use the following code in my application, to make sure even
https-connections can be etablished if the server's certificate is
invalid/self-signed:

       Protocol myhttps = new Protocol("https", new
EasySSLProtocolSocketFactory(), 443);
       Protocol.registerProtocol("https", myhttps);

Is this enough?

I recently heard from one customer which said he ran into troubles
because the machine running HttpClient was unaware of the server's
certificates. Can this be right?

Thank you in advance, Clemens

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

Re: Subject: Does EasySSLProtocolSocketFactory check for certificates validity?

[Oleg Kalnichevski <ol...@apache.org>]

On Sat, 2010-01-30 at 17:53 -0500, Clemens Eisserer wrote:
> Hello,
> 
> I use the following code in my application, to make sure even
> https-connections can be etablished if the server's certificate is
> invalid/self-signed:
> 
>        Protocol myhttps = new Protocol("https", new
> EasySSLProtocolSocketFactory(), 443);
>        Protocol.registerProtocol("https", myhttps);
> 
> Is this enough?
> 

That would be enough for self-signed but not for invalid certificates.


> I recently heard from one customer which said he ran into troubles
> because the machine running HttpClient was unaware of the server's
> certificates. Can this be right?
> 

Whether this is right or wrong could depend on your particular
application. Per default HttpClient trusts only server certificates
trusted by the Java runtime (certificates stored in the JRE keystore)

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org