  1. OpenShift Java Client
  2. OSJC-96

Allow users to refuse/allow "invalid" SSL Certificates


    • Type: Feature Request
    • Resolution: Done
    • Priority: Major
    • 2.5.1
    • 2.5.0
    • core
    • None

      The current implementation blindly accepts SSL certificates that don't match the effective hostname.

      UrlConnectionHttpClient:
      import javax.net.ssl.HostnameVerifier;
      import javax.net.ssl.SSLSession;

      // Returns true for every hostname, so a certificate issued for a different host is never rejected.
      private class NoopHostnameVerifier implements HostnameVerifier {

          public boolean verify(String hostname, SSLSession sslSession) {
              return true;
          }
      }
      

      The very same is also true for self-signed certificates, which are blindly accepted:

      UrlConnectionHttpClient:
      import java.security.cert.CertificateException;
      import java.security.cert.X509Certificate;
      import javax.net.ssl.X509TrustManager;

      // Neither check method ever throws, so any chain (self-signed, expired, wrong CA) is trusted.
      private class PermissiveTrustManager implements X509TrustManager {

          // No accepted issuers are advertised; the JDK treats null like an empty array here.
          public X509Certificate[] getAcceptedIssuers() {
              return null;
          }

          public void checkServerTrusted(X509Certificate[] chain,
                  String authType) throws CertificateException {
          }

          public void checkClientTrusted(X509Certificate[] chain,
                  String authType) throws CertificateException {
          }
      }
      

      We should let the user allow or disallow these explicitly, e.g. through callbacks that Eclipse could use to present dialogs to the user.
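One way to realise the requested behaviour, as an added example written for this issue rather than code from the OpenShift Java Client: a trust manager and hostname verifier that keep the JVM's normal checks and consult a hypothetical SSLCertificateCallback (which an IDE would back with a dialog) only when a check fails, so the default remains refusal.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
/** Hypothetical callback the IDE would implement, e.g. by opening a dialog; not part of OSJC. */
interface SSLCertificateCallback {
    boolean allowCertificate(X509Certificate[] chain, String reason);
    boolean allowHostname(String hostname, SSLSession session);
}
/** Defers to the JVM's default trust manager; only a chain it rejects reaches the callback. */
class CallbackTrustManager implements X509TrustManager {
    private final X509TrustManager defaultTm;
    private final SSLCertificateCallback callback;
    CallbackTrustManager(SSLCertificateCallback callback) throws Exception {
        TrustManagerFactory f = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        f.init((KeyStore) null); // null keystore = the JVM's default cacerts
        X509TrustManager found = null;
        for (TrustManager tm : f.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        this.defaultTm = found;
        this.callback = callback;
    }
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            defaultTm.checkServerTrusted(chain, authType);
        } catch (CertificateException e) {
            // Self-signed or otherwise untrusted: the user decides explicitly, and the default is to refuse.
            if (!callback.allowCertificate(chain, e.getMessage())) throw e;
        }
    }
    public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { defaultTm.checkClientTrusted(c, a); }
    public X509Certificate[] getAcceptedIssuers() { return defaultTm.getAcceptedIssuers(); }
}
/** Same pattern for hostnames: the default verifier decides unless the user explicitly allows a mismatch. */
class CallbackHostnameVerifier implements HostnameVerifier {
    private final HostnameVerifier defaultVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
    private final SSLCertificateCallback callback;
    CallbackHostnameVerifier(SSLCertificateCallback callback) { this.callback = callback; }
    public boolean verify(String hostname, SSLSession session) {
        return defaultVerifier.verify(hostname, session) || callback.allowHostname(hostname, session);
    }
}
```

Both classes are installed in place of NoopHostnameVerifier and PermissiveTrustManager via SSLContext.init and HttpsURLConnection.setHostnameVerifier; a callback that always returns false reproduces the JVM's stock behaviour.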

              adietish@redhat.com André Dietisheim
              adietish@redhat.com André Dietisheim
              Votes: 0
              Watchers: 1
