From: Robert M. <rob...@gm...> - 2015-12-14 19:50:40
Hi Alex,

On Tue, Dec 8, 2015 at 11:40 PM, Alex Skor <al...@gm...> wrote:
> I see... using a force-broken SSL factory is not an option for us because
> the app supports multiple data connectors (MantisBT is one of them).
> and if you force-break SSL certificate check, it will be broken for all of
> them, not just mantisbt.
>
> there is no REST api for MantisBT, is there?
>
> this essentially means that people cannot connect to MantisBT using that
> java library if the server is using a self-signed certificate (and majority
> of them may do that...) - unless you open a security hole in your app where
> you force the code to trust any servers, which defeats the purpose of using
> SSL in the first place (a major part of it anyway - server authenticity
> verification). which leads to simple passwords intercept when a fake server
> is inserted in the middle. given that passwords can be LDAP-managed or
> whatever, this is a problem...

I am not sure this is a black-or-white situation. I understand you
don't manage the deployment, but you manage the app, right? The same
code that would go in the github soap client can go in your custom
connector. Am I missing something?

Thanks,

Robert

>
> On Tue, Dec 8, 2015 at 12:23 PM, Robert Munteanu <rob...@gm...>
> wrote:
>>
>> Hi Alex,
>>
>> On Tue, Dec 8, 2015 at 7:15 PM, Alex Skor <al...@gm...> wrote:
>> > hi Robert! what about providing a pre-configured http client to the
>> > library? e.g. this is how I implemented it in Redmine Java API:
>> >
>> > https://github.com/taskadapter/redmine-java-api/blob/master/src/main/java/com/taskadapter/redmineapi/RedmineManagerFactory.java
>> > you can see these methods:
>> > public static ClientConnectionManager
>> > createConnectionManagerWithExtraTrust(Collection<KeyStore> trustStores)
>> > public static RedmineManager createWithApiKey(String uri, String
>> > apiAccessKey, HttpClient httpClient)
>> > etc.
>> >
>> > I cannot install certificates on all machines where my program may be
>> > running, so I was hoping to be able to provide a pre-configured
>> > client/connection to MantisBT Java Library.
>>
>> I see what you mean. If you look at the project in github [1] you will
>> see that there is no java code at all - we only generate the Axis
>> stubs from the WSDL file. I'd like to keep it that way - simple, no
>> maintenance - so if you need to update the security policy I would
>> suggest to do it in your own Java code.
>>
>> Best,
>>
>> Robert
>>
>> [1]: https://github.com/rombert/mantis-axis-soap-client
>>
>> > On Tue, Dec 8, 2015 at 1:36 AM, Robert Munteanu
>> > <rob...@gm...>
>> > wrote:
>> >>
>> >> Hi,
>> >>
>> >> On Tue, Dec 8, 2015 at 6:40 AM, Alex Skor <al...@gm...> wrote:
>> >> > hi!
>> >> >
>> >> > I submitted a question with a stacktrace here:
>> >> > https://github.com/rombert/mantis-axis-soap-client/issues/1
>> >>
>> >> You need to import the certificate to your trust store, see [1] for
>> >> details on how to do that.
>> >>
>> >> Thanks,
>> >>
>> >> Robert
>> >>
>> >> [1]:
>> >> http://stackoverflow.com/questions/2893819/telling-java-to-accept-self-signed-ssl-certificate
>> >>
>> >> > --
>> >> > Alex
>> >> >
>> >> > _______________________________________________
>> >> > Mantisbt-soap-dev mailing list
>> >> > Man...@li...
>> >> > https://lists.sourceforge.net/lists/listinfo/mantisbt-soap-dev
>> >>
>> >> --
>> >> http://robert.muntea.nu/
>> >
>> > --
>> > Alex
>>
>> --
>> http://robert.muntea.nu/
>
> --
> Alex

--
http://robert.muntea.nu/