author Gurmeen Bindra <gurmeen.bindra@isode.com> 2014-08-04 13:00:00 (GMT)
committer Gurmeen Bindra <gurmeen.bindra@isode.com> 2014-08-04 15:26:08 (GMT)
commit 77959428b7f4150569dda9fac35becf7e10b96c7 (patch)
tree a4dec421da2ef0537239b0bc679568e4d43db576 /src/com/isode/stroke/tls/java/JSSEContext.java
parent e21b855abf977fd0acdf6173db82f805e512f347 (diff)
Stroke to use default Trust Store provided by Java for Trust Anchors

Until now, Stroke would not do trust anchor checking because there was no suitable way of getting to a default trust store. This patch makes Stroke use JDK's default trust store for looking up trust anchors. If it can find the trust anchor in JDK's store, it proceeds to do the validity check. If any check fails, an error is set and it is up to the client to decide if the client is happy with the certificate.

Test-information:
I tested with an XMPP client MLC. I got prompted with the cert for a server whose CA was not in the Java Trust Store. After adding the CA to the JDK trust store, no prompt was seen. I then renewed the certificate with validity = 2 minutes. On doing a connection, MLC prompted me because the certificate was expired even though the CA was in the trust store.

Change-Id: Id3fc86d85641f07814ff8621b8bf038cde406063
Reviewer: Nick Hudson <nick.hudson@isode.com>
Reviewer: Kevin Smith <kevin.smith@isode.com>

Diffstat (limited to 'src/com/isode/stroke/tls/java/JSSEContext.java')
-rw-r--r-- src/com/isode/stroke/tls/java/JSSEContext.java 4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/com/isode/stroke/tls/java/JSSEContext.java b/src/com/isode/stroke/tls/java/JSSEContext.java
index 13904e8..aeb9300 100644
--- a/src/com/isode/stroke/tls/java/JSSEContext.java
+++ b/src/com/isode/stroke/tls/java/JSSEContext.java
@@ -646,12 +646,12 @@ public class JSSEContext extends TLSContext {
peerCertificateVerificationError = new CertificateVerificationError(Type.NotYetValid);
return;
- }
-
+ }
if (certificateException instanceof CertificateExpiredException) {
peerCertificateVerificationError = new CertificateVerificationError(Type.Expired);
return;
}
+ peerCertificateVerificationError = new CertificateVerificationError(Type.UnknownError);
}
}
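
Review bot: The new fallback at the end of the hunk, `peerCertificateVerificationError = new CertificateVerificationError(Type.UnknownError);`, reports every CertificateException other than the not-yet-valid and expired cases as UnknownError, so a client deciding whether to accept the certificate cannot tell which check failed; that would include a missing trust anchor if that failure reaches this path. Consider mapping the trust-anchor failure to a more specific error type if the enum offers one, and logging certificateException before it is discarded so the underlying cause is kept for diagnosis. Separately, the `- }` / `+ }` pair and the dropped blank line above the CertificateExpiredException check are whitespace-only changes and could be left out of the patch to keep the diff to the one functional line.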