3 Replies Latest reply on Jun 30, 2004 10:34 AM by wolfj

    org.jboss.security.ignoreHttpsHost property fails because of

    wolfj Newbie

      I needed a HostnameVerifier implementation that would accept all hostnames for JNDI over HTTPS, so I tried running JBoss 3.2.3 using the -Dorg.jboss.security.ignoreHttpsHost=true flag.

      Unfortunately, even though I'm using J2SDK 1.4.2, the HttpsURLConnection implementation being passed into the org.jboss.invocation.http.interfaces.Utils.configureHttpsHostVerifier() method is a
      com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.

      And since that class does not extend javax.net.ssl.HttpsURLConnection, the configureHttpsHostVerifier method fails to set the AnyhostVerifier as the hostnameVerifier.

      My question is, why is this old implementation being used at all? How do I set up JBoss not to use the com.sun.net.* classes so the ignoreHttpsHost flag will work and/or what's the best way to plug in my own HostnameVerifier implementation into the mix?