Dirk Vleugels | 28 Aug 13:24

https & invalid certs

Hi,

I'm able to connect to SSL sockets issuing self-signed or just plain
invalid certs by using code like this:

import java.net
import javax.net.ssl
from jarray import array

# Trust manager that accepts every certificate chain without validation.
class TrustManager(javax.net.ssl.X509TrustManager):
        def checkClientTrusted(self,chain,authtype):
                pass
        def checkServerTrusted(self,chain,authtype):
                pass
        def getAcceptedIssuers(self):
                return None

# Hostname verifier that accepts any hostname.
class HostnameVerifier(javax.net.ssl.HostnameVerifier):
        def verify(self,hostname,ssl_session):
                return True

# Installs both as the process-wide defaults for HttpsURLConnection.
def setupSSLFactory():
        sc = javax.net.ssl.SSLContext.getInstance("SSLv3")
        sc.init(None,array([TrustManager()], TrustManager),None)

        urlConn=javax.net.ssl.HttpsURLConnection

        urlConn.setDefaultSSLSocketFactory(sc.getSocketFactory())
        urlConn.setDefaultHostnameVerifier(HostnameVerifier())

setupSSLFactory()
url=java.net.URL("https://domain-with-wrong-cert.com")
[..............]

Alan Kennedy | 28 Aug 16:20

Re: https & invalid certs

[Dirk]
> I'm able to connect to SSL sockets issuing self-signed or just plain
> invalid certs by using code like this:
>
> class TrustManager(javax.net.ssl.X509TrustManager):
>        def checkClientTrusted(self,chain,authtype):
>                pass
>        def checkServerTrusted(self,chain,authtype):
>                pass
>        def getAcceptedIssuers(self):
>                return None
>
> class HostnameVerifier(javax.net.ssl.HostnameVerifier):
>        def verify(self,hostname,ssl_session):
>                return True
>
> def setupSSLFactory():
>        sc = javax.net.ssl.SSLContext.getInstance("SSLv3")
>        sc.init(None,array([TrustManager()], TrustManager),None)
>
>        urlConn=javax.net.ssl.HttpsURLConnection
>
>        urlConn.setDefaultSSLSocketFactory(sc.getSocketFactory())
>        urlConn.setDefaultHostnameVerifier(HostnameVerifier())

The problem here is that you are only setting the SSLSocketFactory for
the HttpsURLConnection class. From the documentation for
HttpsURLConnection.setDefaultSocketFactory()

"""
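Added example, not part of either message in this thread: when the goal is to reach one known server that presents a self-signed certificate, the accept-everything classes quoted above can be replaced by a trust store holding only that certificate, set on a single connection instead of as the HttpsURLConnection default. The helper names, the keystore alias and the PEM file argument are assumptions; the default hostname verifier stays in place, so the certificate must still name the host.

```jython
# Added example (Jython); function names and the alias are hypothetical.
import sys
from java.io import FileInputStream
from java.net import URL
from java.security import KeyStore
from java.security.cert import CertificateFactory
from javax.net.ssl import SSLContext, TrustManagerFactory


def pinned_socket_factory(pem_path):
    """Build an SSLSocketFactory that trusts only the certificate in pem_path."""
    stream = FileInputStream(pem_path)
    try:
        cert = CertificateFactory.getInstance("X.509").generateCertificate(stream)
    finally:
        stream.close()

    # Empty in-memory keystore holding just the one expected certificate.
    ks = KeyStore.getInstance(KeyStore.getDefaultType())
    ks.load(None, None)
    ks.setCertificateEntry("pinned-server", cert)

    # The stock trust manager validates against that keystore, so any
    # other certificate (or a swapped one) fails the handshake.
    tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(ks)

    ctx = SSLContext.getInstance("TLS")
    ctx.init(None, tmf.getTrustManagers(), None)
    return ctx.getSocketFactory()


def open_pinned(url, pem_path):
    """Open an HTTPS connection whose trust is limited to the pinned certificate."""
    conn = URL(url).openConnection()
    # Per-connection setter: the JVM-wide defaults are left untouched and
    # the default HostnameVerifier still checks the host name.
    conn.setSSLSocketFactory(pinned_socket_factory(pem_path))
    return conn


if __name__ == "__main__":
    # usage: jython pinned.py https://host/ server-cert.pem
    conn = open_pinned(sys.argv[1], sys.argv[2])
    print conn.getResponseCode()
```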

