Re: [rest-assured] Self signed certificates and RestAssured

[Johan Haleby]

You could try this approach.

Regards,

/Johan

On Thu, Jun 21, 2012 at 3:06 PM, mark <mjen...@idbs.com> wrote:

Hi,

Is there any way that when using self signed certificates with SSL it is possible to override the host name verifier?

I can update my cacerts with the certificate fine but can find no way using Rest-assured to do

HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier()
{
public boolean verify(String hostname, SSLSession session)
{
boolean verified = false;
try
{  
if (session.getPeerCertificateChain()[0].getSubjectDN().getName().equals("The certificate name"))
{
verified = true;
}
else
{
verified = oldHostnameVerifier.verify(hostname, session);
}
}
catch (SSLPeerUnverifiedException e)
{
}
return verified;
});

[mark]

That will only partially work since the certificate does not contain the host name and cannot when testing on different machines thus we have to ignore the hostname when validating the SSL certificate.

On Thursday, 21 June 2012 15:15:54 UTC+1, Johan Haleby wrote:

You could try this approach.

Regards,

/Johan

[Johan Haleby]

Ok, then there's currently no way to do that :( I suppose we could implement it as a detailed configuration. Please add this as an issue on the google code page and if you're up for it a patch or pull request would be really nice. 

Regards,

/Johan

[Johan Haleby]

Thanks! I'm on vacation right and I'll look into it when I come home.

/Johan

Skickat från min iPhone

23 okt 2012 kl. 10:13 skrev Kevin Minder <kmi...@gmail.com>:

I see there is an issue filed for this.  I posted a comment to that issue that contains a sample project for how I made self signed certs (including noop host name verifier) work with raw HttpClient and Jersey.  This should hopefully help Johan add this feature.  My sense is that the resulting APIs should look something like this.

given

    .keystore( <store>, <password> )

    .truststore( <store>, <password> )

    .hostnameVerifier( SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER )

or alternatively at the "global" level

RestAssured.keystore( <store>, <password> )

RestAssured.truststore( <store>, <password> )

RestAssured.hostnameVerifier( SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER )

I imagine there is also some precedent for a solution involving detailed configuration but I haven't played much with that yet.

BTW I apologize if this post shows up twice.  I thought I posted this earlier today but as I never saw it show up I'm assuming I never ended up pressing "Post".