Hello,
I'm connecting with JavaMail to an SMTP server which offers STARTTLS. I would like to know if there is a way to get the server's certificate to my application using the JavaMail API. Basically, I just want to show the server certificate in the same way the openssl command does it:
openssl s_client -connect 192.168.0.1:25 -starttls smtp -showcerts
EDIT: OK, I think I have to do this on a lower level with an SSL socket:
import javax.net.ssl.*;

// Open a TLS connection and read the certificate chain the server presented.
SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket("127.0.0.1", 8888);
socket.startHandshake(); // fails if the server certificate is not trusted
SSLSession session = socket.getSession();
java.security.cert.Certificate[] servercerts = session.getPeerCertificates();
The problem is that when I do not have the remote certificate in my keystore, the "startHandshake" will fail. What I want to do is to offer the user the possibility to accept/refuse the certificate. How can I do this?
EDIT2: I did the following workaround by implementing a dummy X509TrustManager: http://forums.sun.com/thread.jspa?threadID=183410
But now I don't know how to first connect in clear, then issue STARTTLS and then use an SSL socket to get the certificate.
Thanks,
Tex
Edited by: Tex-Twil on Jul 13, 2010 2:31 AM
Edited by: Tex-Twil on Jul 13, 2010 2:56 AM
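
The sequence asked about above (plain connection, STARTTLS, then TLS layered on the same socket), as an added example that is not part of the original post. Its trust manager records the server's chain and then refuses it, so nothing is sent over a connection the user has not approved; the names StartTlsCertFetcher, CapturingTrustManager, expect and fetchChain and the EHLO name client.example are hypothetical.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class StartTlsCertFetcher {
    /** Records the chain the server presents, then refuses it so the session is never used. */
    static class CapturingTrustManager implements X509TrustManager {
        X509Certificate[] chain;
        public void checkServerTrusted(X509Certificate[] c, String authType) throws CertificateException {
            chain = c;
            throw new CertificateException("chain captured for review, not trusted");
        }
        public void checkClientTrusted(X509Certificate[] c, String authType) throws CertificateException {
            throw new CertificateException("client authentication not supported");
        }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }
    /** Reads one SMTP reply ("250-..." lines continue, "250 ..." ends it) and checks its code. */
    static void expect(BufferedReader in, String code) throws IOException {
        String line;
        do {
            line = in.readLine();
            if (line == null || !line.startsWith(code)) throw new IOException("unexpected SMTP reply: " + line);
        } while (line.length() > 3 && line.charAt(3) == '-');
    }
    static X509Certificate[] fetchChain(String host, int port) throws Exception {
        CapturingTrustManager tm = new CapturingTrustManager();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        try (Socket plain = new Socket(host, port)) {
            BufferedReader in = new BufferedReader(new InputStreamReader(plain.getInputStream(), StandardCharsets.US_ASCII));
            Writer out = new OutputStreamWriter(plain.getOutputStream(), StandardCharsets.US_ASCII);
            expect(in, "220");                                   // server greeting
            out.write("EHLO client.example\r\n"); out.flush();   // constructed placeholder client name
            expect(in, "250");
            out.write("STARTTLS\r\n"); out.flush();
            expect(in, "220");                                   // server is ready to negotiate TLS
            // Layer TLS over the already-connected plain socket instead of opening a new one.
            SSLSocket tls = (SSLSocket) ctx.getSocketFactory().createSocket(plain, host, port, true);
            try { tls.startHandshake(); } catch (SSLException expected) { /* our trust manager refused on purpose */ }
        }
        return tm.chain; // null if the handshake failed before a certificate arrived
    }
}
```

The returned chain can be shown to the user (subject, issuer, validity, fingerprint); if the user accepts it, adding that certificate to the trust store used for the real mail connection keeps normal validation in place.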