
[iaik-ssl]cu||



Hello!
 
I am using Tomcat 4.1.16 as Web Server/Servlet Container, JDK 1.4 and the iSaSiLk 3.04 API (to support the SSL protocol).
When my servlet tries to connect to a web site with a non-valid digital certificate, I always obtain this error in Tomcat:
 
"iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier"
 
So I have written my own "ChainVerifier class" to avoid all this (only for debug and test purposes):
 
 
// Debug/test only: every override below accepts any certificate.
class MyChainVerifier extends ChainVerifier
{
  public MyChainVerifier()
  {
    super(1);
    setCheckServerName(false);
  }

  protected boolean verifyServer(X509Certificate[] certs, SSLTransport transport)
  {
    return true;
  }

  public void addTrustedCertificate(X509Certificate cert)
  {
  }

  protected boolean isTrustedCertificate(X509Certificate cert)
  {
    return true;
  }

  protected boolean verifyCertificate(X509Certificate cert, X509Certificate issuerCert)
  {
    return true;
  }

  public boolean verifyChain(X509Certificate[] certs, SSLTransport transport)
  {
    return true;
  }
}
 
 
In my servlet's code I use the MyChainVerifier class in this way:
 
String urlString = "https://www.myurl.com";  // The URL I want to connect to.
URL url = new URL(null, urlString, new iaik.protocol.https.Handler());
HttpsURLConnection Con = (HttpsURLConnection) url.openConnection();
SSLContext context = new SSLClientContext();
MyChainVerifier MyV = new MyChainVerifier();
context.setChainVerifier(MyV);
Con.setSSLContext(context);
 
 
Given that the "MyChainVerifier" class overrides all methods of the "ChainVerifier" class so that all digital certificates are verified successfully (in fact all the methods return true), I should not have the exception "iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier" any more, or not?
In any case, I don't know why, but I always receive this exception (when I connect to a site with a non-valid certificate): it seems that my own
ChainVerifier class is not used and IAIK's default ChainVerifier class is used instead: WHY ?????????
 
Can someone help me, please?
 
Thanks everybody in advance.
 
                                                      Luca