• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

SSL - client side - trusting untrusted certificates?

 
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Basically I have a web-based spider, that works just like any other spider. One problem though � it won�t spider SSL pages that have untrusted certificates. So I was thinking of a good way to make it trust ALL the certificates (since it uses the URL class to read the pages)

So, I researched it and found an �old-fashioned� way to do this � by overriding TrustManager, and making it trust everything, and saving it in SSLContext or something. Basically, it would look like this:





TRUST MANAGER;





Custom socket factory:




And here�s the sample code that I would use to test this:




The only �real� piece here is the �Security.setProperty�, which sort of replaces default socket factory with my crappy implementation.

I believe this used to work back on 1.4.2, but I am running 1.5, and here�s the problem that I get when executing the following code:



Any thoughts on how I could fix the �HttpsClient� to make it accept invalid certificates? Going back to 1.4.2 is not an option�

Thanks in advance for your help.



________________________________________
Best Regards,

Ivan V. Jouikov
(206) 228-6670
 
reply
    Bookmark Topic Watch Topic
  • New Topic