You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by David Byrne <da...@yahoo.com> on 2008/01/30 18:59:01 UTC
AbstractVerifier in 4.x (was Invalid SSL Certs)
A quick follow-up on AbstractVerifier. Is there a reason that the constructor isn't set to public? It makes it difficult to extend outside of the package.
Thanks,
David Byrne
----- Original Message ----
From: David Byrne <da...@yahoo.com>
To: HttpClient User Discussion <ht...@hc.apache.org>
Sent: Wednesday, January 30, 2008 10:41:19 AM
Subject: Re: Invalid SSL Certs
After
taking
a
closer
look
at
the
existing
SSLSocketFactory,
can
I
just
set
the
setHostnameVerifier
to
a
class
that
always
returns
true
for
its
verify
methods?
That
would
also
let
me
log
any
defective
certs
without
disrupting
the
connection.
Thanks,
David
-----
Original
Message
----
From:
"ossfwot@dubioso.net"
<os...@dubioso.net>
To:
httpclient-users@hc.apache.org
Sent:
Tuesday,
January
29,
2008
11:35:09
PM
Subject:
Re:
Invalid
SSL
Certs
Hi
David,
>_Thanks. I read it several months ago when I didn't need SSL, and then
>_promptly forgot about it. I forgot to mention that I'm using client 4, but I
>_think the answer would be the same. I'll probably just extend the standard
>_socket factory and override connectSocket.
The interfaces have changed, but the principle is the same. Please override the standard _layered_ (secure) socket factory implementation. Forgetting to implement the extra interface for layering SSLis one of the frequently embraced pitfalls.
cheers,
Roland
---------------------------------------------------------------------
To
unsubscribe,
e-mail:
httpclient-users-unsubscribe@hc.apache.org
For
additional
commands,
e-mail:
httpclient-users-help@hc.apache.org
____________________________________________________________________________________
Never
miss
a
thing.
Make
Yahoo
your
home
page.
http://www.yahoo.com/r/hs
---------------------------------------------------------------------
To
unsubscribe,
e-mail:
httpclient-users-unsubscribe@hc.apache.org
For
additional
commands,
e-mail:
httpclient-users-help@hc.apache.org
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: AbstractVerifier in 4.x (was Invalid SSL Certs)
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2008-01-30 at 09:59 -0800, David Byrne wrote:
> A quick follow-up on AbstractVerifier. Is there a reason that the constructor isn't set to public? It makes it difficult to extend outside of the package.
>
No reason. I made the constructor public in the SVN trunk.
Oleg
> Thanks,
> David Byrne
>
>
> ----- Original Message ----
> From: David Byrne <da...@yahoo.com>
> To: HttpClient User Discussion <ht...@hc.apache.org>
> Sent: Wednesday, January 30, 2008 10:41:19 AM
> Subject: Re: Invalid SSL Certs
>
>
> After
> taking
> a
> closer
> look
> at
> the
> existing
> SSLSocketFactory,
> can
> I
> just
> set
> the
> setHostnameVerifier
> to
> a
> class
> that
> always
> returns
> true
> for
> its
> verify
> methods?
> That
> would
> also
> let
> me
> log
> any
> defective
> certs
> without
> disrupting
> the
> connection.
>
> Thanks,
> David
>
>
> -----
> Original
> Message
> ----
> From:
> "ossfwot@dubioso.net"
> <os...@dubioso.net>
> To:
> httpclient-users@hc.apache.org
> Sent:
> Tuesday,
> January
> 29,
> 2008
> 11:35:09
> PM
> Subject:
> Re:
> Invalid
> SSL
> Certs
>
>
> Hi
> David,
>
> >_Thanks. I read it several months ago when I didn't need SSL, and then
> >_promptly forgot about it. I forgot to mention that I'm using client 4, but I
> >_think the answer would be the same. I'll probably just extend the standard
> >_socket factory and override connectSocket.
>
> The interfaces have changed, but the principle is the same. Please override the standard _layered_ (secure) socket factory implementation. Forgetting to implement the extra interface for layering SSLis one of the frequently embraced pitfalls.
>
> cheers,
> Roland
>
> ---------------------------------------------------------------------
> To
> unsubscribe,
> e-mail:
> httpclient-users-unsubscribe@hc.apache.org
> For
> additional
> commands,
> e-mail:
> httpclient-users-help@hc.apache.org
>
>
>
>
>
>
>
>
>
> ____________________________________________________________________________________
> Never
> miss
> a
> thing.
> Make
> Yahoo
> your
> home
> page.
> http://www.yahoo.com/r/hs
>
> ---------------------------------------------------------------------
> To
> unsubscribe,
> e-mail:
> httpclient-users-unsubscribe@hc.apache.org
> For
> additional
> commands,
> e-mail:
> httpclient-users-help@hc.apache.org
>
>
>
>
>
>
> ____________________________________________________________________________________
> Never miss a thing. Make Yahoo your home page.
> http://www.yahoo.com/r/hs
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: AbstractVerifier in 4.x (was Invalid SSL Certs)
Posted by Julius Davies <ju...@gmail.com>.
Hi, David,
Hmmm... and there's also an AllowAllHostnameVerifier already in there.
But it's also lacking a public constructor, so it's no use to you at
the moment.
People are encouraged to create new JIRA tickets with patches attached! ;-)
yours,
Julius
On Jan 30, 2008 9:59 AM, David Byrne <da...@yahoo.com> wrote:
> A quick follow-up on AbstractVerifier. Is there a reason that the constructor isn't set to public? It makes it difficult to extend outside of the package.
>
> Thanks,
> David Byrne
>
>
--
yours,
Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org