You are viewing a plain text version of this content. The canonical link for it is here.
Posted to xmlrpc-dev@ws.apache.org by "Jochen Wiedmann (JIRA)" <xm...@ws.apache.org> on 2006/06/24 05:10:30 UTC
[jira] Closed: (XMLRPC-47) Add option to XmlRpcClient to ignore SSL
certificate validation
[ http://issues.apache.org/jira/browse/XMLRPC-47?page=all ]
Jochen Wiedmann closed XMLRPC-47:
---------------------------------
Resolution: Incomplete
No response, closing.
> Add option to XmlRpcClient to ignore SSL certificate validation
> ---------------------------------------------------------------
>
> Key: XMLRPC-47
> URL: http://issues.apache.org/jira/browse/XMLRPC-47
> Project: XML-RPC
> Type: Bug
> Components: Source
> Versions: 1.1
> Environment: Operating System: All
> Platform: All
> Reporter: Andriy Rozeluk
> Assignee: Jochen Wiedmann
>
> When using XML-RPC with SSL, and the server is using a self-signed certificate
> (say on a staging server), the Java net libraries throw an exception.
> As a suggestion, it should be possible to add a method, something like static
> setIgnoreSSLCerts(boolean) to XmlRpcClient and XmlRpcClientLite, which will
> override the TrustManager for the SSL connects. Thus, the user will have the
> benefit of SSL encryption, without the hassle of having to have that certificate
> signed by a CA.
> For example, before connect you can simply:
> javax.net.ssl.SSLSocketFactory.getDefault();
> X509TrustManager tm = new IgnoreSSLCertTrustManager();
> KeyManager[] km = null;
> TrustManager[] tma = {tm};
> SSLContext sc = SSLContext.getInstance("SSL");
> sc.init( km, tma, new java.security.SecureRandom() );
> SSLSocketFactory sf1 = sc.getSocketFactory();
> ... then when you get your URLConnection:
> URLConnection con = target.openConnection();
> if ( con instanceof HttpsURLConnection ){
> HttpsURLConnection secconn = (HttpsURLConnection)con;
> secconn.setSSLSocketFactory( sf1 );
> }
> The IgnoreSSLCertTrustManager simply implements X509TrustManager and returns
> true for both 'isClientTrusted' methods and does nothing for
> 'checkServerTrusted', then returns null for 'getAcceptedIssuers'.
> My apologies for not submitting this as a patch, but unfortunately I don't have
> those tools available to me at present.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: xmlrpc-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: xmlrpc-dev-help@ws.apache.org