[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] Verify certificate; Correction



Sorry, the interpretation of

addTrustedCertificate(null)

was false; this only means that, if client authentication is requested, but
the client does not send a certificate, this missing of the certificate only
will be accepted by the server if previously "null" has been given the
status of being a "trusted" certificate by means of
addTrustedCertificate(null).

Dieter Bratko



----- Original Message -----
From: Dieter Bratko <Dieter.Bratko@iaik.at>
To: Mårten Larsson <marten@verifyeasy.com>; IAIK SSL
<iaik-ssl@iaik.tu-graz.ac.at>
Sent: Wednesday, January 26, 2000 6:06 PM
Subject: Re: [iaik-ssl] Verify certificate


> If no certificates have been put into the ChainVerifier by means of the
> addTrustedCertificate method, verifyChain will accept all valid
certificate
> (chains). If there are certificates have been imported via
> addTrustedCertificate only trusted certs are accepted.
>
> If you do not have imported trusted certs yet, but do not want to trust
any
> cert, you may call
>
> >
> for mistrusting all certificates.
>
> Dieter Bratko
>
> ----- Original Message -----
> From: Mårten Larsson <marten@verifyeasy.com>
> To: IAIK SSL <iaik-ssl@iaik.tu-graz.ac.at>
> Sent: Tuesday, January 25, 2000 3:24 PM
> Subject: [iaik-ssl] Verify certificate
>
>
> > I am using the SSLSocket for a simple SSL connection, but I cannot seem
> > to be able to verify the server certificate. The code I use is as
> > follows:
> >
> >     String host="10.10.0.2";
> >
> >     SSLClientContext context = new SSLClientContext();
> >     SSLSocket s = new SSLSocket(host, 443, context);
> >     s.startHandshake();
> >     X509Certificate[] cert = s.getPeerCertificateChain();
> >     ChainVerifier verifier = new ChainVerifier();
> >     if (verifier.verifyChain(cert, null))
> > System.out.println("OK");
> >     else
> > System.out.println("Not OK");
> >
> > The host I am connecting to only has a self signed certificate, which I
> > suppose should not be trusted.  The verifyChain() does however return
> > true. I guess I am missing something obvious...
> >
> > Any help is appreciated.
> >
> > Mårten
> > -----------------------------------------------------------------
> > VerifyEasy AB
> >
> > Mårten Larsson | Stadsgården 10 | S-116 45  Stockholm | SWEDEN
> > Tel: +46-(0)8-52752503 | Fax: +46-(0)8-52752599 | Mobile:
> > +46-(0)704-611902
> > :::::::::::::::::::::::::::::::::::::::: http://www.verifyeasy.com
> > --
> > Mailinglist-archive at
> http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
> >
> > To unsubscribe send an email to listserv@iaik.at with the folowing
> content: UNSUBSCRIBE iaik-ssl
> >
> >
> >
>


smime.p7s