[jetty-users] Validating server certificates in Jetty HTTP Client 9.3.5.v20151012

Hi there!

I'm writing some software that needs to connect to HTTPS servers. I'm
using Jetty HTTP client, and it works fine, except that I can't seem to
get it to validate the server's certificate.

I've tried various variations on this theme:

        SslContextFactory sslContextFactory = new SslContextFactory();
        char[] nullPassword = {};
        KeyStore keystore = KeyStore.getInstance("JKS", "SUN");
        keystore.load(null, nullPassword);

        sslContextFactory.setTrustManagerFactoryAlgorithm("SunX509");
        sslContextFactory.setKeyStore(keystore);
        sslContextFactory.setValidatePeerCerts(true);
        sslContextFactory.setValidateCerts(true);

        HttpClient httpClient = new HttpClient(sslContextFactory);
        httpClient.setFollowRedirects(false);
        httpClient.start();

...and, still, it seems perfectly happy to connect to servers whose
hostnames do not match the CNs in their certificates, that browsers
complain about.

Does anybody have an example of how to set this up?

The Jetty client tutorial says I can enable SSL certificate validation
by setting up an SslContextFactory, but doesn't give an example of how
to do it, and a recursive grep over the sources from git doesn't seem to
show any tests that call setValidate... methods!

Many thanks in advance,

ABS

-- 
Alaric Snell-Pym
http://www.snell-pym.org.uk/alaric/
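
One way to turn on host name checking for the client described above, as an added example that is not part of the original post or of the Jetty project's code: it relies on `SslContextFactory.setEndpointIdentificationAlgorithm("HTTPS")`, which has JSSE match the requested host name against the server certificate. The class name, helper names and URL argument are illustrative, and the JVM's default trust store is assumed to contain the server's issuing CA.

```java
import java.security.cert.CertificateException;
import java.util.concurrent.ExecutionException;
import javax.net.ssl.SSLException;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.api.ContentResponse;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class VerifiedHttpsClient {
    /** Builds a client that checks both the certificate chain and the host name. */
    static HttpClient newVerifyingClient() throws Exception {
        // No key store or trust store is set, so (assumption) the JVM's
        // default trust store decides which issuing CAs are accepted.
        SslContextFactory sslContextFactory = new SslContextFactory();
        // Ask JSSE to match the requested host name against the certificate's
        // subjectAltName / CN entries during the handshake.
        sslContextFactory.setEndpointIdentificationAlgorithm("HTTPS");

        HttpClient httpClient = new HttpClient(sslContextFactory);
        httpClient.setFollowRedirects(false);
        httpClient.start();
        return httpClient;
    }

    /** Returns true if the failure was caused by TLS or certificate checks. */
    static boolean isTlsFailure(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof SSLException || c instanceof CertificateException) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String url = args[0]; // HTTPS URL of a server you operate (placeholder input)
        HttpClient httpClient = newVerifyingClient();
        try {
            ContentResponse response = httpClient.GET(url);
            System.out.println("certificate accepted, HTTP " + response.getStatus());
        } catch (ExecutionException e) {
            if (!isTlsFailure(e)) throw e;
            // Fail closed: a name mismatch or untrusted chain aborts the request.
            System.err.println("rejected by TLS validation: " + e.getCause());
        } finally {
            httpClient.stop();
        }
    }
}
```

Running it against a test server whose certificate names a different host should take the `catch` branch, while a correctly named certificate prints the HTTP status.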
