Re: [jetty-dev] Trusting all client certificates (still)

Hi Joakim

Thanks a lot for your fast reply!

> SslContextFactory is used by jetty-client and websocket-client as well
> to setup their client side (initiated) connections over SSL as well.
> It is in those contexts where SslContextFactory.setTrustAll(true)
> makes sense.

Indeed, from a client's perspective, I now understand the code - sorry,
apparently I was a bit too focused ;-)

> With client certificates talking to a server with its own certificates,
> it sounds like what you are looking for is the ability to disable the
> client certificate validation steps.  Not sure that exists.

Yes, probably something like that. To give a bit more background: I'm
working on an implementation of WebID+TLS-Authentication[1].
Basically, the certificate is only used as proof of possession of a
given keypair; trust is established by other means. A requirement for this
is the ability of the (Servlet-)code to read out an attribute (Subject
Alternate Name) of a given client-certificate.
Thus, I basically don't care what the connection code performs, as long
as it accepts any certificate and passes it along...

Hope that makes things more clear, also looking for some expert answers ;-)

Kind regards!

Pascal

[1] https://en.wikipedia.org/wiki/WebID

-- 
Bern University of Applied Sciences
Biel, Switzerland
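
As an added illustration (not part of the original message and not Jetty's own code), this is one way servlet code could read the Subject Alternative Name URIs from a client certificate, as the message above requires. It assumes the container has completed the TLS handshake and exposes the chain under the standard Servlet attribute `javax.servlet.request.X509Certificate`; the class and method names are hypothetical.

```java
import java.security.PublicKey;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical helper: extracts the claimed identity URIs from a client certificate. */
public final class ClientCertSanReader {
    private static final int SAN_TYPE_URI = 6; // GeneralName uniformResourceIdentifier (RFC 5280)

    /** A URI claimed in the SAN plus the key whose possession the handshake proved. */
    public static final class Claim {
        public final String uri;
        public final PublicKey key;
        Claim(String uri, PublicKey key) { this.uri = uri; this.key = key; }
    }

    /** Returns one Claim per URI-type SAN entry; empty if no certificate was presented. */
    public static List<Claim> claims(HttpServletRequest request) throws CertificateParsingException {
        X509Certificate[] chain =
            (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            return Collections.emptyList();
        }
        return claims(chain[0]); // index 0 is the client's own (leaf) certificate
    }

    static List<Claim> claims(X509Certificate leaf) throws CertificateParsingException {
        List<Claim> result = new ArrayList<>();
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames(); // null when the extension is absent
        if (sans == null) {
            return result;
        }
        for (List<?> entry : sans) {
            // Each entry is [Integer type, value]; the value is a String for URI entries.
            if (entry.size() >= 2 && Integer.valueOf(SAN_TYPE_URI).equals(entry.get(0))
                    && entry.get(1) instanceof String) {
                result.add(new Claim((String) entry.get(1), leaf.getPublicKey()));
            }
        }
        return result;
    }
}
```

Because the certificate chain is not validated in this setup, each returned URI is only a claim: the caller still has to confirm, by the separate trust mechanism the message refers to, that the URI is bound to the returned public key before treating the request as authenticated.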
