-
Notifications
You must be signed in to change notification settings - Fork 14
Disabling SSL Validation
Stu Arnett edited this page Mar 28, 2017
·
1 revision
In certain cases, it may be necessary to disable SSL validation due to a self-signed certificate. This is possible, but requires a bit of additional configuration.
Note: Disabling SSL validation is NOT recommended in a production environment as it poses a security risk.
Here is some sample code to accomplish this:
public class DisableSslSample {
public static void main(String[] args) throws Exception {
S3Config config = new S3Config(new URI("https://foo.company.com")).withIdentity("foo").withSecretKey("bar");
// this is the part that disables SSL validation
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, gullibleTrustManager, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// however, you can only use HttpUrlConnection (2GB payload limit and no Expect: 100-Continue)
S3Client client = new S3JerseyClient(config, new URLConnectionClientHandler());
}
private static TrustManager[] gullibleTrustManager = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
// might want to at least verify host name
}
}
};
}