[Webtest] Canoo Webtest and SSL Client Authentication and IP- Numbers

Parker, Michael webtest@lists.canoo.com
Tue, 14 Sep 2004 08:42:14 +0200


Dierk Koenig wrote:
Hi Mittie,

thank you very much!

I just got a hint from a colleague to replace it by

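  // needs javax.net.ssl.HostnameVerifier, HttpsURLConnection and SSLSession
  static
  {
    HostnameVerifier hnv = new HostnameVerifier()
    {
      // accepts every host name, so the server's identity is no longer checked
      public boolean verify(String host, SSLSession cert)
      {
        return true;
      }
    };

    // applies to every HttpsURLConnection created in this JVM
    HttpsURLConnection.setDefaultHostnameVerifier( hnv );
  }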

but your answer told me that a solution like this already exists.

Thank you also for the detailed explanation!
Michael


> ok, thanx for the info.
> 
> It appears your jre 1.4.2 standard https protocol
> handler is used. It has a rather restrictive
> "HostnameVerifier" from the testing point of view.
> 
> You use https with host certificates only (no client
> certificates). That is, https is used for the purposes of
> - protecting the data and
> - authenticating the server.
> 
> The second goal is not met when connecting via direct
> IP address (the server you connect to has a different name
> than the one that appears in the certificate that it sends)
> and consequently the connection is dropped.
> 
> If this gets in the way while testing you can use the
> less restrictive webtest protocol handler.
> They are set by the so called "ConnectionInitializer".
> For your scenario webtest provides the
> SunJsseBaseConnectionInitializer in package
> com.canoo.webtest.security
> , cf.
> http://webtest.canoo.com/webtest/api/com/canoo/webtest/security/package-summary.html
> 
> To use it, set the property
> <property name="webtest.connectioninitializer"
> value="com.canoo.webtest.security.SunJsseBaseConnectionInitializer" />
> 
> (more info under
> http://webtest.canoo.com/viewrep/Canoo%20Webtest%20CVS/webtest/doc/samples/ssl
> howto.txt and sslTest.xml
> )
> 
> cheers
> Mittie
> 
> 
> 
==============================================================================
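
Added example, not part of the original messages and not WebTest code: a narrower alternative to the accept-everything verifier discussed in the thread. It accepts a name mismatch only for explicitly listed test hosts and hands every other host to the JRE's default verifier. The class name TestHostVerifier, the apply helper and the 192.0.2.10 / 203.0.113.5 addresses are assumptions made for illustration, and the code uses current Java syntax rather than JRE 1.4.2.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

/** Hypothetical helper: tolerates a certificate name mismatch for listed test hosts only. */
public final class TestHostVerifier implements HostnameVerifier {
    private final Set<String> allowedTestHosts;
    private final HostnameVerifier fallback;

    public TestHostVerifier(HostnameVerifier fallback, String... allowedTestHosts) {
        this.fallback = fallback;
        this.allowedTestHosts = new HashSet<>(Arrays.asList(allowedTestHosts));
    }

    @Override
    public boolean verify(String host, SSLSession session) {
        // HttpsURLConnection calls this only when the URL host and the
        // certificate name disagree, e.g. when connecting by IP address.
        if (allowedTestHosts.contains(host)) {
            return true; // exact string match against the test allowlist
        }
        // Anything else keeps the stock behaviour (the JRE default rejects).
        return fallback.verify(host, session);
    }

    /** Installs the verifier on one connection instead of JVM-wide. */
    public static void apply(HttpsURLConnection conn, String... hosts) {
        conn.setHostnameVerifier(
            new TestHostVerifier(HttpsURLConnection.getDefaultHostnameVerifier(), hosts));
    }

    public static void main(String[] args) {
        // Constructed check: a fallback that rejects everything stands in for the default.
        HostnameVerifier rejectAll = (h, s) -> false;
        TestHostVerifier v = new TestHostVerifier(rejectAll, "192.0.2.10");
        System.out.println("listed test host accepted: " + v.verify("192.0.2.10", null));
        System.out.println("unlisted host accepted:    " + v.verify("203.0.113.5", null));
    }
}
```

Certificate chain validation is untouched by this class; only the host name comparison is relaxed, and only for the listed hosts.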