Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[ecf-dev] Self Signed Certs and HttpClient

Hi everyone (p2 & ECF)

Internally, some (many?) organizations have self-signed certs (for things like their internal build server). If you try to connect to a p2 repository using SSL with a self-signed cert it will fail [1].

[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=318339

Obviously the default behaviour here is fine, but what would be required if someone wanted to accept a self-signed cert? On HTTPClient 4, you can set the trust store, but I don't think the HTTP Client is accessible from outside ECF. So here are a few questions

  • Does anybody know of an option (system property) that HttpClient4 will accept to disable trust checking
  • Is the creation of the HttpClient object¬†extendable such that p2 could create a different HttpClient with different TrustManager (or could this be exposed)
  • If the first two options are non-starters, would it be possible to add a system property to ECF to disable trust checking (and is this a lot of work)?
What do others think? Is this a really bad idea? Are others hitting this problem too or is it just me?

Cheers,
Ian

--
R. Ian Bull | EclipseSource Victoria | +1 250 477 7484
http://eclipsesource.com | http://twitter.com/eclipsesource

Back to the top