Java Security

custom HostnameVerifier ignored

843811Oct 4 2007 — edited Oct 4 2007
Hello,

I've searched this forum extensively for a solution, but to no avail, so I'll try to ask here.

I have written a custom implementation of "javax.net.ssl.HostnameVerifier" (a class named "BOHostnameVerifier") which should perform some additional checks and allow for certain untrusted certificates as well. Then I registered it with

    HttpsURLConnection.setDefaultHostnameVerifier(new BOHostnameVerifier());

But apparently Sun's SSL ignores my verifier, and the handshake fails. I also tried to set the verifier again on the connection instance like this:

    URL url = new URL(serviceUrl);
    connection = url.openConnection();
    if (connection instanceof HttpsURLConnection) {
        HttpsURLConnection httpsConn = (HttpsURLConnection) connection;
        /* Set custom verifier */
        httpsConn.setHostnameVerifier(new BOHostnameVerifier());
    }

    connection.setDoOutput(true);
    connection.setDoInput(true);
    connection.setUseCaches(false);

    /* The following line triggers the SSL handshake */
    printout = new DataOutputStream(connection.getOutputStream());

But no matter what I do, the SSL handshake always fails with an exception like the one below (with JDK 1.4). And as my debug logs show, my custom verifier is never invoked at all (the very first statement in the "verify" method is a simple "System.out.println", just to be sure).

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA12275)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:570)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(DashoA12275)
    at com.tetrade.cs.sls.customer.adapter.service.bo.BOHttpsServiceWrapper.sendHttpRequest(BOHttpsServiceWrapper.java:413)
    at com.tetrade.cs.sls.customer.adapter.service.bo.BOHttpsServiceWrapper.sendRequest(BOHttpsServiceWrapper.java:334)
    at com.tetrade.cs.sls.customer.adapter.service.bo.BOHttpsServiceWrapper.sendLoginRequest(BOHttpsServiceWrapper.java:224)
    at com.tetrade.cs.sls.customer.adapter.service.bo.BOHttpsServiceWrapperChecker.testBOConnection(BOHttpsServiceWrapperChecker.java:47)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at junit.framework.TestCase.runTest(TestCase.java:154)
    .....

Is there anything specific, like configuring something in the security policy, in order to activate a custom HostnameVerifier? I can't find anything in the documentation. Did I understand something wrong about this interface?

Thanks for any help!