Can I somehow ignore certificate expiration date?
843811 Nov 22 2002 — edited Nov 23 2002
Hi.
Some servers I use have a habit of not updating their certificates in time. This is proving hazardous for myself (and anyone using my code), as it causes downtime for days or weeks depending on how slack the remote site's sysadmin is.
The X509TrustManager interface defines a checkServerTrusted method which Sun implement by internally calling (amongst other things) X509Certificate.checkValidity(Date). If the certificate is out of date, checkValidity throws a CertificateException which trickles all the way up.
If I implement my own X509TrustManager I can catch this exception, but have no way to re-enter checkServerTrusted at the same point the problem occurred. This would allow 'just any' site to be considered trusted, which I don't consider to be ideal behaviour either.
So, I've come to the conclusion that stealing Sun's code, and adding a way to configure the internal behaviour, is the only way to get around the problem. However I have concerns that the International version of JSSE might not permit this, as technically it might be considered a 'custom provider', which is not permitted as per the license.
Anyone have any less risky ideas?
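
An added example, not part of the original post and not Sun's code: a delegating `X509TrustManager` that, when the default check fails, re-runs full PKIX path validation as of the leaf certificate's `notAfter` date using `PKIXParameters.setDate`, so only a recently expired but otherwise valid chain is accepted. The class name `GraceExpiryTrustManager` and the `graceMillis` parameter are hypothetical.

```java
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

// Hypothetical class: tolerates only a leaf certificate that expired within graceMillis.
public final class GraceExpiryTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;  // platform default trust manager
    private final long graceMillis;           // assumption: window chosen by the caller
    public GraceExpiryTrustManager(long graceMillis) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);            // null selects the default trust store
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        if (found == null) throw new IllegalStateException("no X509TrustManager");
        this.delegate = found;
        this.graceMillis = graceMillis;
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            delegate.checkServerTrusted(chain, authType);    // normal validation first
        } catch (CertificateException original) {
            try {
                Date notAfter = chain[0].getNotAfter();
                long overdue = System.currentTimeMillis() - notAfter.getTime();
                if (overdue <= 0 || overdue > graceMillis) throw original;
                Set<X509Certificate> roots = new HashSet<>(Arrays.asList(delegate.getAcceptedIssuers()));
                Set<TrustAnchor> anchors = new HashSet<>();
                for (X509Certificate ca : roots) anchors.add(new TrustAnchor(ca, null));
                List<X509Certificate> path = new ArrayList<>();  // chain minus any sent anchor
                for (X509Certificate c : chain) { if (roots.contains(c)) break; path.add(c); }
                if (path.isEmpty()) throw original;
                PKIXParameters params = new PKIXParameters(anchors);
                params.setDate(notAfter);            // validate as of the leaf's last valid instant
                params.setRevocationEnabled(false);  // caveat: no CRL/OCSP check in this fallback
                CertPathValidator.getInstance("PKIX").validate(
                    CertificateFactory.getInstance("X.509").generateCertPath(path), params);
            } catch (Exception notJustExpiry) {
                throw original;   // anything other than recent expiry stays fatal
            }
        }
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a)
            throws CertificateException { delegate.checkClientTrusted(c, a); }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

The fallback still requires valid signatures and a chain to a default trust anchor; intermediates must themselves be valid at the leaf's `notAfter` date, and revocation is not consulted.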