Using multiple trust stores for https

Jon Skeet

Hi folks - long time no post.

I'm back in Java-land at the moment, and trying to sort out an SSL
problem. I need to open an https connection using a specific trust
store, but I *don't* want to use the system property of
javax.net.ssl.trustStore, as this shouldn't be an application-wide
setting. I've been poring over the docs for SSLSocketFactory etc but
I'm blowed if I can see what I should be doing.

Everything I've found using Google seems to refer to setting the system
property, apart from one post from November 2000 asking a similar
question and getting no replies.

Any suggestions?

Jon Skeet
 
Arnaud B.

Hi,

Maybe you could search for the apache tomcat implementation :

org.apache.catalina.net.SSLServerSocketFactory

This one seems to have methods to specify KeyStore stuff.

Hope it helps.

Regards,

Arnaud
 
Jon Skeet

Arnaud said:
Maybe you could search for the apache tomcat implementation :

org.apache.catalina.net.SSLServerSocketFactory

This one seems to have methods to specify KeyStore stuff.

It's more a case of working out where to plug things in. However, I believe
I'm now making progress. I'm using this within the context of Hessian,
and I *think* I've just got to create an SSLContext (which is what I'm
working on now) and then after URL.openConnection has been called, set
the SSLServerSocketFactory on the HttpsURLConnection to be one returned
by the context. I'll have a look at the Tomcat implementation if I run
into trouble though, thanks.

Jon
 
Jon Skeet

Jon said:
It's more a case of working out where to plug things in. However, I believe
I'm now making progress. I'm using this within the context of Hessian,
and I *think* I've just got to create an SSLContext (which is what I'm
working on now) and then after URL.openConnection has been called, set
the SSLServerSocketFactory on the HttpsURLConnection to be one returned
by the context.

Just to confirm - I've now done this, and it works fine. You can set up
the context once, cache the SSLSocketFactory returned by
getSocketFactory, set that as the socket factory for an
HttpsURLConnection, and everything is fine.

Jon
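
The approach confirmed in the last post, written out as an added example that is not part of the original thread: load a specific trust store, build an SSLContext from it, cache the SSLSocketFactory, and set it on each HttpsURLConnection. The class name ScopedTrustClient and the command-line arguments (store path, password, URL) are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; the name is not from the thread.
public class ScopedTrustClient {
    // Built once and reused for every connection that needs this trust store.
    private final SSLSocketFactory factory;

    public ScopedTrustClient(String storePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(storePath))) {
            trustStore.load(in, password);
        }
        // An empty store only fails later, at handshake time; reject it up front.
        if (trustStore.size() == 0) {
            throw new IllegalStateException("trust store has no entries: " + storePath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        // No client key managers, default SecureRandom; only the trust side is customised.
        context.init(null, tmf.getTrustManagers(), null);
        factory = context.getSocketFactory();
    }

    public HttpsURLConnection open(URL url) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Affects this connection only; javax.net.ssl.trustStore and the JVM-wide
        // default factory are untouched, and the default HostnameVerifier still applies.
        conn.setSSLSocketFactory(factory);
        return conn;
    }

    // Usage: java ScopedTrustClient <truststore-path> <password> <https-url>
    public static void main(String[] args) throws Exception {
        ScopedTrustClient client = new ScopedTrustClient(args[0], args[1].toCharArray());
        HttpsURLConnection conn = client.open(new URL(args[2]));
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

Because the factory is set per connection, other HTTPS clients in the same JVM keep validating against the default trust store.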
 
