hey,
I am using [tcpcatcher |http://www.tcpcatcher.org/transparent_proxy.php] proxy tool in order to monitor an SSL communication.
It acts as an SSL server in the middle so the server certificate received by my client code is both
- self-signed (not trusted) and
- not matching the target server name.
My question is: having, for example, this code
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;

public class ClientSSL {
    public static void main(String[] args) {
        new ClientSSL().go();
    }

    private void go() {
        try {
            String sURL = "https://mail.google.com/mail/";
            URL url = new URL(sURL);
            URLConnection httpConn = url.openConnection();
            httpConn.setDoInput(true);
            httpConn.connect();
            InputStream in = httpConn.getInputStream();
            BufferedInputStream bufIn = new BufferedInputStream(in);
            byte[] buf = new byte[8192];
            int nbytes;
            // Echo the response on the Java Console.
            // This is crude, and just for demo purposes.
            // Only the bytes actually read are printed; read() returns -1 at end of stream.
            while ((nbytes = bufIn.read(buf, 0, 8192)) > 0) {
                System.out.print(new String(buf, 0, nbytes, "US-ASCII"));
            }
            bufIn.close();
        } catch (Exception e) {
            System.out.println("Exception: " + e.getMessage());
        }
    }
}
What extra Java code or JVM parameters should I add in order to turn off
- trusted issuer checking (in order to get rid of Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
- name matching certificate checking (in order to get rid of Exception: java.security.cert.CertificateException: No name matching mail.google.com found)
thanks
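
An added example, not part of the original post: one way to get past both exceptions for a debugging session is to trust only the proxy's own certificate on this one connection, leaving validation on everywhere else in the JVM. It assumes Java 8 or later and that the proxy's self-signed certificate has been exported to a file; the file name `proxy-cert.pem`, the class name `PinnedProxyClient` and the alias `debug-proxy` are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManagerFactory;

public class PinnedProxyClient {
    public static void main(String[] args) throws Exception {
        // Assumption: the proxy's self-signed certificate was exported to this file.
        String certPath = args.length > 0 ? args[0] : "proxy-cert.pem";
        final Certificate proxyCert;
        try (InputStream in = new FileInputStream(certPath)) {
            proxyCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // Trust store holding only the proxy certificate; the JVM default store is untouched.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("debug-proxy", proxyCert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        HttpsURLConnection conn = (HttpsURLConnection) new URL("https://mail.google.com/mail/").openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Called only on a name mismatch: accept it only for exactly the pinned certificate.
        conn.setHostnameVerifier((host, session) -> {
            try {
                return session.getPeerCertificates()[0].equals(proxyCert);
            } catch (SSLPeerUnverifiedException e) {
                return false;
            }
        });

        try (InputStream in = conn.getInputStream()) {
            byte[] buf = new byte[8192];
            int n;
            while ((n = in.read(buf)) > 0) {
                System.out.print(new String(buf, 0, n, "US-ASCII"));
            }
        }
    }
}
```

With the proxy out of the path, this client fails against the real server, because the real certificate chain is not in the single-entry trust store.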