You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by David Byrne <da...@yahoo.com> on 2008/01/30 18:59:01 UTC

AbstractVerifier in 4.x (was Invalid SSL Certs)

A quick follow-up on AbstractVerifier. Is there a reason that the constructor isn't set to public? It makes it difficult to extend outside of the package.

Thanks,
David Byrne


----- Original Message ----
From: David Byrne <da...@yahoo.com>
To: HttpClient User Discussion <ht...@hc.apache.org>
Sent: Wednesday, January 30, 2008 10:41:19 AM
Subject: Re: Invalid SSL Certs


After 
taking 
a 
closer 
look 
at 
the 
existing 
SSLSocketFactory, 
can 
I 
just 
set 
the 
setHostnameVerifier 
to 
a 
class 
that 
always 
returns 
true 
for 
its 
verify 
methods? 
That 
would 
also 
let 
me 
log 
any 
defective 
certs 
without 
disrupting 
the 
connection.

Thanks,
David


----- 
Original 
Message 
----
From: 
"ossfwot@dubioso.net" 
<os...@dubioso.net>
To: 
httpclient-users@hc.apache.org
Sent: 
Tuesday, 
January 
29, 
2008 
11:35:09 
PM
Subject: 
Re: 
Invalid 
SSL 
Certs


Hi 
David,

>_Thanks. I read it several months ago when I didn't need SSL, and then 
>_promptly forgot about it. I forgot to mention that I'm using client 4, but I 
>_think the answer would be the same. I'll probably just extend the standard 
>_socket factory and override connectSocket. 

The interfaces have changed, but the principle is the same. Please override the standard _layered_ (secure) socket factory implementation. Forgetting to implement the extra interface for layering SSLis one of the frequently embraced pitfalls.

cheers,
Roland

---------------------------------------------------------------------
To 
unsubscribe, 
e-mail: 
httpclient-users-unsubscribe@hc.apache.org
For 
additional 
commands, 
e-mail: 
httpclient-users-help@hc.apache.org






  
  
  
____________________________________________________________________________________
Never 
miss 
a 
thing.  
Make 
Yahoo 
your 
home 
page. 
http://www.yahoo.com/r/hs

---------------------------------------------------------------------
To 
unsubscribe, 
e-mail: 
httpclient-users-unsubscribe@hc.apache.org
For 
additional 
commands, 
e-mail: 
httpclient-users-help@hc.apache.org






      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

Re: AbstractVerifier in 4.x (was Invalid SSL Certs)

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2008-01-30 at 09:59 -0800, David Byrne wrote:
> A quick follow-up on AbstractVerifier. Is there a reason that the constructor isn't set to public? It makes it difficult to extend outside of the package.
> 

No reason. I made the constructor public in the SVN trunk.

Oleg


> Thanks,
> David Byrne
> 
> 
> ----- Original Message ----
> From: David Byrne <da...@yahoo.com>
> To: HttpClient User Discussion <ht...@hc.apache.org>
> Sent: Wednesday, January 30, 2008 10:41:19 AM
> Subject: Re: Invalid SSL Certs
> 
> 
> After 
> taking 
> a 
> closer 
> look 
> at 
> the 
> existing 
> SSLSocketFactory, 
> can 
> I 
> just 
> set 
> the 
> setHostnameVerifier 
> to 
> a 
> class 
> that 
> always 
> returns 
> true 
> for 
> its 
> verify 
> methods? 
> That 
> would 
> also 
> let 
> me 
> log 
> any 
> defective 
> certs 
> without 
> disrupting 
> the 
> connection.
> 
> Thanks,
> David
> 
> 
> ----- 
> Original 
> Message 
> ----
> From: 
> "ossfwot@dubioso.net" 
> <os...@dubioso.net>
> To: 
> httpclient-users@hc.apache.org
> Sent: 
> Tuesday, 
> January 
> 29, 
> 2008 
> 11:35:09 
> PM
> Subject: 
> Re: 
> Invalid 
> SSL 
> Certs
> 
> 
> Hi 
> David,
> 
> >_Thanks. I read it several months ago when I didn't need SSL, and then 
> >_promptly forgot about it. I forgot to mention that I'm using client 4, but I 
> >_think the answer would be the same. I'll probably just extend the standard 
> >_socket factory and override connectSocket. 
> 
> The interfaces have changed, but the principle is the same. Please override the standard _layered_ (secure) socket factory implementation. Forgetting to implement the extra interface for layering SSLis one of the frequently embraced pitfalls.
> 
> cheers,
> Roland
> 
> ---------------------------------------------------------------------
> To 
> unsubscribe, 
> e-mail: 
> httpclient-users-unsubscribe@hc.apache.org
> For 
> additional 
> commands, 
> e-mail: 
> httpclient-users-help@hc.apache.org
> 
> 
> 
> 
> 
> 
>   
>   
>   
> ____________________________________________________________________________________
> Never 
> miss 
> a 
> thing.  
> Make 
> Yahoo 
> your 
> home 
> page. 
> http://www.yahoo.com/r/hs
> 
> ---------------------------------------------------------------------
> To 
> unsubscribe, 
> e-mail: 
> httpclient-users-unsubscribe@hc.apache.org
> For 
> additional 
> commands, 
> e-mail: 
> httpclient-users-help@hc.apache.org
> 
> 
> 
> 
> 
> 
>       ____________________________________________________________________________________
> Never miss a thing.  Make Yahoo your home page. 
> http://www.yahoo.com/r/hs
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

Re: AbstractVerifier in 4.x (was Invalid SSL Certs)

Posted by Julius Davies <ju...@gmail.com>.
Hi, David,

Hmmm... and there's also an AllowAllHostnameVerifier already in there.
 But it's also lacking a public constructor, so it's no use to you at
the moment.

People are encouraged to create new JIRA tickets with patches attached!  ;-)


yours,

Julius


On Jan 30, 2008 9:59 AM, David Byrne <da...@yahoo.com> wrote:
> A quick follow-up on AbstractVerifier. Is there a reason that the constructor isn't set to public? It makes it difficult to extend outside of the package.
>
> Thanks,
> David Byrne
>
>

-- 
yours,

Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org