[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] Verify certificate



If no certificates have been put into the ChainVerifier by means of the
addTrustedCertificate method, verifyChain will accept all valid certificate
(chains). If there are certificates have been imported via
addTrustedCertificate only trusted certs are accepted.

If you do not have imported trusted certs yet, but do not want to trust any
cert, you may call

addTrustedCertificate(null)

for mistrusting all certificates.

Dieter Bratko

----- Original Message -----
From: Mårten Larsson <marten@verifyeasy.com>
To: IAIK SSL <iaik-ssl@iaik.tu-graz.ac.at>
Sent: Tuesday, January 25, 2000 3:24 PM
Subject: [iaik-ssl] Verify certificate


> I am using the SSLSocket for a simple SSL connection, but I cannot seem
> to be able to verify the server certificate. The code I use is as
> follows:
>
>     String host="10.10.0.2";
>
>     SSLClientContext context = new SSLClientContext();
>     SSLSocket s = new SSLSocket(host, 443, context);
>     s.startHandshake();
>     X509Certificate[] cert = s.getPeerCertificateChain();
>     ChainVerifier verifier = new ChainVerifier();
>     if (verifier.verifyChain(cert, null))
> System.out.println("OK");
>     else
> System.out.println("Not OK");
>
> The host I am connecting to only has a self signed certificate, which I
> suppose should not be trusted.  The verifyChain() does however return
> true. I guess I am missing something obvious...
>
> Any help is appreciated.
>
> Mårten
> -----------------------------------------------------------------
> VerifyEasy AB
>
> Mårten Larsson | Stadsgården 10 | S-116 45  Stockholm | SWEDEN
> Tel: +46-(0)8-52752503 | Fax: +46-(0)8-52752599 | Mobile:
> +46-(0)704-611902
> :::::::::::::::::::::::::::::::::::::::: http://www.verifyeasy.com
> --
> Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
>
> To unsubscribe send an email to listserv@iaik.at with the folowing
content: UNSUBSCRIBE iaik-ssl
>
>
>



smime.p7s