Uploaded image for project: 'OpenShift Java Client'
  1. OpenShift Java Client
  2. OSJC-96

Allow users to refuse/allow "invalid" SSL Certificates

    XMLWordPrintable

Details

    • Feature Request
    • Status: Resolved (View Workflow)
    • Major
    • Resolution: Done
    • 2.5.0
    • 2.5.1
    • core
    • None

    Description

      The current implementation blindly allows SSL certificates that dont match the effective hostname.

      UrlConnectionHttpClient
      private class NoopHostnameVerifier implements HostnameVerifier {
      
      		public boolean verify(String hostname, SSLSession sslSession) {
      			return true;
      		}
      	}
      

      The very same is also true for self signed certificates which are blindly accepted:

      code:title=UrlConnectionHttpClient
      private class PermissiveTrustManager implements X509TrustManager {
      
      		public X509Certificate[] getAcceptedIssuers() {
      			return null;
      		}
      
      		public void checkServerTrusted(X509Certificate[] chain,
      				String authType) throws CertificateException {
      		}
      
      		public void checkClientTrusted(X509Certificate[] chain,
      				String authType) throws CertificateException {
      		}
      	}
      

      We should allow the user to allow/disallow these explicitly. I.ex with callbacks that Eclipse could use to present dialogs to the user.

      Attachments

        Issue Links

          Activity

            People

              adietish@redhat.com André Dietisheim
              adietish@redhat.com André Dietisheim
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: