[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[p2-dev] Self Signed Certs and HttpClient

Hi everyone (p2 & ECF)

Internally, some (many?) organizations have self-signed certs (for things like their internal build server). If you try to connect to a p2 repository using SSL with a self-signed cert it will fail [1].

[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=318339

Obviously the default behaviour here is fine, but what would be required if someone wanted to accept a self-signed cert? On HTTPClient 4, you can set the trust store, but I don't think the HTTP Client is accessible from outside ECF. So here are a few questions

What do others think? Is this a really bad idea? Are others hitting this problem too or is it just me?

Cheers,
Ian

--
R. Ian Bull | EclipseSource Victoria | +1 250 477 7484
http://eclipsesource.com | http://twitter.com/eclipsesource