2003-07-02 19:51:22 UTC
Harmeet,
TestMaker 4 (http://www.pushtotest.com/ptt/) has proven to be an extremely nice tool to test the secure website I am developing.
There are, however, two unfortunate aspects that make testing more cumbersome than necessary.
The underlying is aborting the https if anything with the certificates is wrong (not trusted, wrong CommonName, or expired, ...). It is certainly right that a testing tool should complain about such things, but in a staging environment, it is not atypical that snakeoil keys change frequently, get out of date, etc.
While this should be reported in the testing log, it should not stop a test from continuing as long as it is physically possible to do so.
While it appears to be possible to get around wrong names in the certificate with HttpsURLConnection.setDefaultHostnameVerifier(new YourHostnameVerifier()) by creating a less strict and radical hostname verifier, I haven't seen a way to fix that short of probably rewriting JSSE.
Now seeing your http://sourceforge.net/projects/ssllib/, there appears to be new hope.
Being quite a Java novice - would your library make it much easier to fix TestMaker toward my goals?
Any hints would be highly appreciated!
Rgds
Ralf
P.S.: Or should I rather look into http://www.rtfm.com/puretls/ or bouncycastle.org?
P.P.S.: related discussion URLs at Sun are:
- http://forum.java.sun.com/thread.jsp?forum=2&thread=282638&message=1101678
- http://forum.java.sun.com/thread.jsp?forum=2&thread=411937
- http://forum.java.sun.com/thread.jsp?forum=2&thread=295242
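
An added example, not part of the original post and not code from TestMaker or ssllib: one way to get the "report it in the test log but keep going" behaviour with standard JSSE calls, limited to an explicit list of staging hosts and to a single connection so the JVM-wide defaults stay strict. The class name `StagingTlsReporter` and the fields `stagingHosts` and `findings` are hypothetical, and Java 8 or later is assumed.

```java
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.*;
/** Added example (hypothetical names): record certificate problems instead of aborting. */
public class StagingTlsReporter {
    final List<String> findings = new ArrayList<>();   // written to the test log by the caller
    private final Set<String> stagingHosts;            // only these hosts get lenient handling
    StagingTlsReporter(Set<String> stagingHosts) { this.stagingHosts = stagingHosts; }

    /** Wraps the platform trust manager: a failed server chain check is recorded, not thrown. */
    X509TrustManager reportingTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                      // null selects the default trust store
        X509TrustManager real = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { real = (X509TrustManager) tm; break; }
        final X509TrustManager delegate = real;
        return new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
                try { delegate.checkServerTrusted(chain, authType); }
                catch (CertificateException e) { findings.add("chain: " + e.getMessage()); }
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                delegate.checkClientTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
        };
    }

    /** Opens one connection with the reporting settings; refuses hosts not on the staging list. */
    HttpsURLConnection open(URL url) throws Exception {
        if (!stagingHosts.contains(url.getHost()))
            throw new IllegalArgumentException("not a staging host: " + url.getHost());
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { reportingTrustManager() }, null);
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());   // per connection, not setDefault...
        conn.setHostnameVerifier((host, session) -> {
            // JSSE calls this only after its own hostname check has failed.
            findings.add("hostname mismatch: " + host);
            return stagingHosts.contains(host);
        });
        return conn;
    }
}
```

After each request the test harness can copy `findings` into its log; an untrusted, expired or misnamed certificate then shows up as a reported finding while the test itself continues.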