Re: [ebxmlms-develop] Fix for TrustedAnchor

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Thanks for your comment and your deep investigation.
We will try to fix the bug as soon as possible.

Regards,
Bob Koon

Mattias J wrote:

> Hi Hermes developers. I have been in a discussion on the user list, 
> primarily with Ronald van Kuijk, about issues concerning trusted SSL 
> certificates and Java 1.4. I asked that somebody should forward my 
> conclusions to the development list but I can see in the archives that 
> has not been done (is everyone else on vacation???). Now I have had 
> time to perform some actual testing under Java 1.3.1 so I have joined 
> the dev-list to discuss the changes that need to me made.
>
> First off, the TrustedAnchor setting is not working, and I cannot see 
> how it could have been working since revision 1.7 of 
> hk.hku.cecid.phoenix.message.transport.Http and the introduction of 
> the attibute TrustManager[] trustManagers, clashing with the local 
> variable of the same name (existing since rev 1.6).
>
> I discovered the problem trying to use a setting similar to the 
> following under JDK 1.4 and have now verified it does not work under 
> 1.3 either:
>   <SSL>
>        <!-- Trust keystore for SSL Server Authentication -->
>        <TrustedAnchor>
>          <KeyStore>
>            <Path>/hermes</Path>
>            <File>trusted.keystore</File>
>            <Password>foobar</Password>
>          </KeyStore>
>        </TrustedAnchor>
>    </SSL>
>
> The problem is solved by removing the local TrustManager[] 
> trustManagers variable on line 185 of 
> hk.hku.cecid.phoenix.message.transport.Http so that the attribute is 
> used instead. Line 186 could also be removed, since that variable is 
> never used. Here is a diff applicable to revision 1.12:
>
> 185,186d184
> <         TrustManager[] trustManagers = null;
> <         KeyManager[] keyManagers = null;
>
> Please incorporate this into the CVS.
>
>
>   Mattias Jiderhamn
>   Expert Systems
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital 
> self defense, top technical experts, no vendor pitches, unmatched 
> networking opportunities. Visit www.blackhat.com
> _______________________________________________
> ebxmlms-develop mailing list
> ebx...@li...
> https://lists.sourceforge.net/lists/listinfo/ebxmlms-develop
>