Problem - Expired certificate is not rejected

Hi,

I have client-server code that uses certificates to authenticate (the client authenticates the server).

In one case, when I check the server certificate in the usual way (initializing the trust_manager_list):

    // build the trust managers from a key store holding the trusted CA certificates
    TrustManagerFactory trust_factory = TrustManagerFactory.getInstance(DEFAULT_SSL_CONNECTION_TRUST_MGR_ALGORITHM);
    trust_factory.init(tmp_key_store);
    trust_manager_list = trust_factory.getTrustManagers();

The server certificate passes the check.

When I use my own implementation (which only checks for validity), I get an error:

    // chain: the server's certificate chain as presented in the handshake
    X509Certificate tmp_cert = null;
    for (int i = 0; i < chain.length; i++)
    {
        tmp_cert = chain[i];
        try
        {
            // throws if the current date is outside the certificate's notBefore/notAfter window
            tmp_cert.checkValidity();
        }
        catch (CertificateExpiredException exp)
        {
            s_logger.fatal(exp.getMessage());
            throw exp;
        }
        catch (CertificateNotYetValidException exp)
        {
            s_logger.fatal(exp.getMessage());
            throw exp;
        }
    }

Why is this happening?! Am I missing something?

Thanx,

LT

[1599 byte] By [LinkTreea] at [2007-11-26 18:07:54]
# 1

Evidently the default TrustManager doesn't call checkValidity(). You don't have to write a TrustManager to do it yourself though, you can get the certificates from the SSLSession, via the SSLSocket or in a HandshakeCompletedCallback, and check them that way at the same time that you're authorising the peer identity.

ejpa at 2007-7-9 5:39:24
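The approach the reply above suggests, and the date check the original post's loop performs, as an added example that is not code from this thread: after startHandshake() the default trust manager has already validated the chain, and the client then pulls the peer chain from the SSLSession and applies checkValidity() to every certificate before any application data is sent. It goes slightly beyond the thread by checking against one fixed reference time for the whole chain and by failing closed on an empty or non-X.509 chain. The host and port arguments and the use of SSLSocketFactory.getDefault() are assumptions for illustration; the peer-identity (hostname) check is left as a comment because the thread does not show how that code does it.

```java
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class PeerValidityCheck {

    /**
     * Applies checkValidity() to every certificate in the peer chain, as the
     * question's loop does, but against a single reference time so that all
     * links of the chain are judged at the same instant. Throws on the first
     * expired or not-yet-valid certificate, and on an empty or non-X.509 chain.
     */
    public static void checkChainValidity(Certificate[] chain, Date now)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("empty peer certificate chain");
        }
        for (int i = 0; i < chain.length; i++) {
            if (!(chain[i] instanceof X509Certificate)) {
                throw new CertificateException("chain[" + i + "] is not an X.509 certificate");
            }
            X509Certificate cert = (X509Certificate) chain[i];
            try {
                cert.checkValidity(now);
            } catch (CertificateExpiredException e) {
                throw new CertificateException("chain[" + i + "] ("
                        + cert.getSubjectX500Principal() + ") expired on "
                        + cert.getNotAfter(), e);
            } catch (CertificateNotYetValidException e) {
                throw new CertificateException("chain[" + i + "] ("
                        + cert.getSubjectX500Principal() + ") not valid before "
                        + cert.getNotBefore(), e);
            }
        }
    }

    /**
     * Opens a TLS connection and refuses to hand the socket back unless the
     * peer chain passes the date check. host/port are placeholders (assumed).
     */
    public static SSLSocket connect(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            // The default trust manager validates the chain during the handshake;
            // the extra check below runs before any application data is written.
            socket.startHandshake();
            SSLSession session = socket.getSession();
            // getPeerCertificates() throws SSLPeerUnverifiedException (an IOException)
            // if the peer was not authenticated at all.
            Certificate[] chain = session.getPeerCertificates();
            checkChainValidity(chain, new Date());
            // Peer-identity check (compare session.getPeerPrincipal() / the leaf
            // certificate's names against the expected host) belongs here as well.
            return socket;
        } catch (CertificateException e) {
            // Invalidate so the rejected session cannot be resumed, then close.
            socket.getSession().invalidate();
            socket.close();
            throw new SSLHandshakeException("peer certificate rejected: " + e.getMessage());
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }
}
```

The same checkChainValidity() helper can be called from a HandshakeCompletedListener, but that listener is invoked on its own thread after the handshake has already completed, so the calling code may have written data before the listener gets to close the socket; doing the check synchronously right after startHandshake(), as connect() does, avoids that window.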
# 2
Do you mean that Sun's implementation doesn't do that check? It's weird, isn't it?
LinkTreea at 2007-7-9 5:39:24