From: Moore, G. <Gre...@ad...> - 2008-04-01 18:10:06
Thanks David. That link helps.

So I need to set up a trust manager even though I'm trying to use a more pythonic solution? Is that because this is running on a JVM? And if that's the case wouldn't it make the discussions (on the dev mailing list) about if Jython SSL support should work like CPython a moot point. e.g. it never can because of the JVM?!?!??

Greg.

-----Original Message-----
From: David Huebel [mailto:dav...@gm...]
Sent: Monday, March 31, 2008 8:36 PM
To: Moore, Greg
Cc: jyt...@li...
Subject: Re: [Jython-users] SSL socket failure.

On Mon, Mar 31, 2008 at 8:10 PM, Moore, Greg <Gre...@ad...> wrote:
> javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
> For the purposes of what I'm doing I don't really want (or even need) to
> deal with certificates.

The Java SSL implementation checks certificates by default. See the second message in this thread for a way to disable checking:

http://forum.java.sun.com/thread.jspa?threadID=660461&tstart=0

If you want to check certificates, you need to find the cert used to sign the server's cert and make it available to your application. You have two options for making it available to the application:

1) put the cert into the JRE's default trust store (which is impractical when deploying to multiple machines), or
2) point your application to a special trust store containing the cert

For both of those, see "Customizing the Default Key and Trust Stores" in this guide:

http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html

The handy (or possibly annoying) thing about customizing the trust store is that most libraries use Java's SSL implementation without overriding the defaults and will therefore use your custom trust store.
- David
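Option 2 from David's reply, as an added example that is not part of the original thread: a Java client that keeps certificate checking on and trusts only the certs in a dedicated trust store. The class name, trust store path, password, host and port are placeholders chosen for illustration, and the hostname check uses an API that requires Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class CustomTrustStoreClient {
    // Build an SSLContext whose only trust anchors are the certs in the given
    // JKS file; certificate validation stays enabled.
    static SSLContext contextFor(String storePath, char[] storePassword) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(storePath);
        try {
            trustStore.load(in, storePassword);
        } finally {
            in.close();
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values (assumptions, not from the thread).
        String storePath = "app-truststore.jks";
        char[] password = "changeit".toCharArray();
        String host = "server.example.internal";
        int port = 443;

        SSLContext ctx = contextFor(storePath, password);
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            // A raw SSLSocket does not match the cert to the host name unless asked to.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            // Throws SSLHandshakeException (the PKIX error quoted above) when the
            // server's chain does not lead to a cert in the trust store.
            socket.startHandshake();
            System.out.println("Handshake OK: " + socket.getSession().getPeerPrincipal());
        } finally {
            socket.close();
        }
    }
}
```

The same trust store can be applied process-wide, without code changes, through the `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` system properties, which is why libraries that keep the JSSE defaults pick it up.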