Hi! I am working on creating a simple SSL server. The goal is for the client to connect to the server and have a SECURE connection. I don't want any certificate crap - all I want is (like in https) the bullet-proof connection. That is, by default, every server trusts every client, and every client trusts every server.

I seem to have achieved it by creating my OWN trust manager that implements X509TrustManager, and not throwing an exception from the authorization methods. Before I show you the code, keep in mind that the keystores used by server and client are generated using keytool. Each contains a single key pair for server and for client.

The programs run just fine, but I am concerned: is security still OK even after I did all that crap? Here's what my server code looks like:
And here's my client code:
All you "pros" out there... and nobody has an answer?
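
An added example, not code from the thread: a trust manager that accepts every certificate still encrypts the traffic but does not authenticate the peer, so the usual alternative for a self-signed setup like the one described is to trust exactly the server's certificate. The sketch below assumes that certificate has been exported from the server keystore with `keytool -exportcert -rfc`; the class name `PinnedTlsClient`, the certificate file, and the host and port arguments are all hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTlsClient {

    // Build an SSLContext that trusts exactly one certificate: the server's
    // self-signed certificate, read from a file exported with keytool.
    static SSLContext contextTrustingOnly(String certPath) throws Exception {
        Certificate serverCert;
        try (InputStream in = new FileInputStream(certPath)) {
            serverCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // In-memory truststore holding only that certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("server", serverCert);

        // Use the platform's standard trust manager instead of a custom
        // X509TrustManager whose check methods never throw.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material here
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <exported server certificate> <host> <port>
        SSLContext ctx = contextTrustingOnly(args[0]);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[1], Integer.parseInt(args[2]))) {
            // Fails with an SSLHandshakeException if the peer presents any
            // certificate other than the one loaded above.
            s.startHandshake();
            System.out.println("Handshake OK: " + s.getSession().getCipherSuite());
        }
    }
}
```

The same pattern applies on the server side for client authentication: load the client's exported certificate into the server's truststore and require client auth on the server socket.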