Details
-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
JBossAS-3.2.6 Final
-
None
-
None
Description
SourceForge Submitter: dietmar_scheidl .
If the http-invoker is used to access the server
org.jboss.security.ignoreHttpsHost=true
can be specified to use the AnyhostVerifier for SSL
connections. Therefore this is checked if the connection
is an com.sun.net.ssl.HttpsURLConnection if so, the
AnyhostVerifier is applied to this connection.
Since JDK 1.4+ JCSE is included and the package has
changed to javax.net.ssl.HttpsURLConnection so the
connection is not identified correctly.
This is happens in
org/jboss/invocation/http/interfaces/Util.java and
org/jboss/naming/HttpNamingContextFactory.java.
Maybe it has to be corrected somewhere else but this
are the parts to get the http-invoker running with SSL
again if the name of the server deferres from the name
issued in the certificate.
