Support for ssl about rest-client HOT 26 CLOSED

I believe it is supported in the underlying HTTP library used by RESTClient. 
Can you
test it out?

I tried connecting to https://dev.java.net/ .
It works:

http://flickr.com/photos/subwiz/2297501725/

And I discovered a little secret too: dev.java.net is hosted using JBoss, not 
using
Glassfish :O !

Marking the issue Invalid as the feature already exists.

Yes, that's ok when you only have a server certificate. But it does not work if 
i
need to authenticate myself with a certificate: i need to be able to specify a
keystore. This is the same kind of feature that is available under SOAPUI.

Makes sense...

I will look into it.

I downloaded SoapUI 2.0.2. The requested feature is available in the menu:

File>Preferences>SSL Settings

A simple and fast to learn tutorial on Java's support for SSL. Will need this 
for
fixing the issue:

http://tvilda.stilius.net/java/java_ssl.php

Some other details:

http://hc.apache.org/httpclient-3.x/sslguide.html
http://www.jdocs.com/httpclient/3.0.1/api-index.html?m=class&p=org.apache.common
s.httpclient.contrib.ssl&c=AuthSSLProtocolSocketFactory&render=classic

We should take Option input for:

1. truststore file
2. truststore password
3. keystore file
4. keystore password

These seem to be the input expected by the API. Is this correct @cyrille.puget?

Yes, this is how it should be done.
In SOAPUI, they might have taken a shorcut since no trustore is required. The 
might
do truststore = keystore internally.

Thanks for the detail. I will incorporate this feature in the next release.

Revision 225: Http library changed to:

http://hc.apache.org/httpcomponents-client/

This has a neater implementation of SSL. SSL example for this API:

http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/module-client/sr
c/examples/org/apache/http/examples/client/ClientCustomSSL.java

Rev. 226 has a basic implementation. Yet to do the file save part, browse 
button for
selecting the truststore file.

The binary with SSL support is available for download from here:

http://wiztools.org/project/RESTClient/restclient-3.0-SNAPSHOT-jar-with-dependen
cies.jar

@cyrille.puget, can you test this and tell me if it satisfies your requirement?

Closing the issue on the assumption that it works!

Hi ... I just started using REST Client 2.2

When am using 2-WAY SSL...it's not working...am getting peer not authenticated 
exception.

When am using 1-way SSL ...am getting "not able to verify hostname" error.

Is there any "Ignore Hostname Verification" feature.

Pls tell me the correct procedure, if i have done anything wrong. 

Thanks for pointing it out. I just found this in http client library (which is 
used
by RESTClient):

http://hc.apache.org/httpcomponents-client/httpclient/apidocs/org/apache/http/co
nn/ssl/AllowAllHostnameVerifier.html

So I will incorporate this in next release. I have re-opened the issue too.

Thanks...

Also, try to include the 2-way SSL feature as well.

By the way, when can we expect the next release? 

Rev. 351 has the fix for Ignoring Hostname Verification.

I have used 2-way-SSL in RESTClient with success recently. Please check with 
Rev.351
and verify if it works.

Rev.351 build is available here:
http://wiztools.org/project/RESTClient/restclient-2.3-SNAPSHOT-jar-with-dependen
cies.jar

A particular date for next release is not yet planned. But I think before end 
of Jan
2009 it should be released.

Thanks for the info...

Able to download restclient-2.3 and tested it against 1-way SSL.
It works fine.

But it fails when tried against 2-way SSL.
Attached the screen-shot of the error.

Could i request subwiz user to pls explain me the scenario against which he 
could 
succeed with 2-way SSL.

Pls go thru the error and let me know if i did any wrong/ give me the solution.

Thanks and wish you a Happy New Year

Thanks for sending in the details. I am looking into it...

Any update on 2-way SSL feature?

2-way SSL is working for me. Can you try again? Can you verify if your 
configuration 
is correct?

closing the issue as i have stopped receiving new complaints on this.

r579 and r580 has the fix.