Index: contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLInitializationError.java =================================================================== RCS file: contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLInitializationError.java diff -N contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLInitializationError.java --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLInitializationError.java 30 May 2004 22:49:49 -0000 @@ -0,0 +1,65 @@ +/* + * $Header$ + * $Revision$ + * $Date$ + * + * ==================================================================== + * + * Copyright 1999-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + * [Additional notices, if required by prior licensing conditions] + * + */ + +package org.apache.commons.httpclient.contrib.ssl; + +/** + *

+ * Signals fatal error in initialization of {@link AuthSSLProtocolSocketFactory}. + *

+ * + * @author Oleg Kalnichevski + * + *

+ * DISCLAIMER: HttpClient developers DO NOT actively support this component. + * The component is provided as a reference material, which may be inappropriate + * for use without additional customization. + *

+ */ + +public class AuthSSLInitializationError extends Error { + + /** + * Creates a new AuthSSLInitializationError. + */ + public AuthSSLInitializationError() { + super(); + } + + /** + * Creates a new AuthSSLInitializationError with the specified message. + * + * @param message error message + */ + public AuthSSLInitializationError(String message) { + super(message); + } +} Index: contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java =================================================================== RCS file: contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java diff -N contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java 30 May 2004 22:49:51 -0000 @@ -0,0 +1,370 @@ +/* + * $Header$ + * $Revision$ + * $Date$ + * + * ==================================================================== + * + * Copyright 2002-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + */ + +package org.apache.commons.httpclient.contrib.ssl; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.URL; +import java.net.UnknownHostException; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Enumeration; + +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import com.sun.net.ssl.KeyManager; +import com.sun.net.ssl.KeyManagerFactory; +import com.sun.net.ssl.SSLContext; +import com.sun.net.ssl.TrustManager; +import com.sun.net.ssl.TrustManagerFactory; +import com.sun.net.ssl.X509TrustManager; + +/** + *

+ * AuthSSLProtocolSocketFactory can be used to validate the identity of the HTTPS + * server against a list of trusted certificates and to authenticate to the HTTPS + * server using a private key. + *

+ * + *

+ * AuthSSLProtocolSocketFactory will enable server authentication when supplied with + * a {@link KeyStore truststore} file containg one or several trusted certificates. + * The client secure socket will reject the connection during the SSL session handshake + * if the target HTTPS server attempts to authenticate itself with a non-trusted + * certificate. + *

+ * + *

+ * Use JDK keytool utility to import a trusted certificate and generate a truststore file: + *

+ *     keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
+ *    
+ *

+ * + *

+ * AuthSSLProtocolSocketFactory will enable client authentication when supplied with + * a {@link KeyStore keystore} file containg a private key/public certificate pair. + * The client secure socket will use the private key to authenticate itself to the target + * HTTPS server during the SSL session handshake if requested to do so by the server. + * The target HTTPS server will in its turn verify the certificate presented by the client + * in order to establish client's authenticity + *

+ * + *

+ * Use the following sequence of actions to generate a keystore file + *

+ * + *

+ * Example of using custom protocol socket factory for a specific host: + *

+ *     Protocol authhttps = new Protocol("https",  
+ *          new AuthSSLProtocolSocketFactory(
+ *              new URL("file:my.keystore"), "mypassword",
+ *              new URL("file:my.truststore"), "mypassword"), 443); 
+ *
+ *     HttpClient client = new HttpClient();
+ *     client.getHostConfiguration().setHost("localhost", 443, authhttps);
+ *     // use relative url only
+ *     GetMethod httpget = new GetMethod("/");
+ *     client.executeMethod(httpget);
+ *     
+ *

+ *

+ * Example of using custom protocol socket factory per default instead of the standard one: + *

+ *     Protocol authhttps = new Protocol("https",  
+ *          new AuthSSLProtocolSocketFactory(
+ *              new URL("file:my.keystore"), "mypassword",
+ *              new URL("file:my.truststore"), "mypassword"), 443); 
+ *     Protocol.registerProtocol("https", authhttps);
+ *
+ *     HttpClient client = new HttpClient();
+ *     GetMethod httpget = new GetMethod("https://localhost/");
+ *     client.executeMethod(httpget);
+ *     
+ *

+ * @author Oleg Kalnichevski + * + *

+ * DISCLAIMER: HttpClient developers DO NOT actively support this component. + * The component is provided as a reference material, which may be inappropriate + * to be used without additional customization. + *

+ */ + +public class AuthSSLProtocolSocketFactory implements SecureProtocolSocketFactory { + + /** Log object for this class. */ + private static final Log LOG = LogFactory.getLog(AuthSSLProtocolSocketFactory.class); + + private URL keystoreUrl = null; + private String keystorePassword = null; + private URL truststoreUrl = null; + private String truststorePassword = null; + private SSLContext sslcontext = null; + + /** + * Constructor for AuthSSLProtocolSocketFactory. Either a keystore or truststore file + * must be given. Otherwise SSL context initialization error will result. + * + * @param keystoreUrl URL of the keystore file. May be null if HTTPS client + * authentication is not to be used. + * @param keystorePassword Password to unlock the keystore. IMPORTANT: this implementation + * assumes that the same password is used to protect the key and the keystore itself. + * @param truststoreUrl URL of the truststore file. May be null if HTTPS server + * authentication is not to be used. + * @param truststorePassword Password to unlock the truststore. + */ + public AuthSSLProtocolSocketFactory( + final URL keystoreUrl, final String keystorePassword, + final URL truststoreUrl, final String truststorePassword) + { + super(); + this.keystoreUrl = keystoreUrl; + this.keystorePassword = keystorePassword; + this.truststoreUrl = truststoreUrl; + this.truststorePassword = truststorePassword; + } + + private static KeyStore createKeyStore(final URL url, final String password) + throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException + { + if (url == null) { + throw new IllegalArgumentException("Keystore url may not be null"); + } + LOG.debug("Initializing key store"); + KeyStore keystore = KeyStore.getInstance("jks"); + keystore.load(url.openStream(), password != null ? password.toCharArray(): null); + return keystore; + } + + private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password) + throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException + { + if (keystore == null) { + throw new IllegalArgumentException("Keystore may not be null"); + } + LOG.debug("Initializing key manager"); + KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( + KeyManagerFactory.getDefaultAlgorithm()); + kmfactory.init(keystore, password != null ? password.toCharArray(): null); + return kmfactory.getKeyManagers(); + } + + private static TrustManager[] createTrustManagers(final KeyStore keystore) + throws KeyStoreException, NoSuchAlgorithmException + { + if (keystore == null) { + throw new IllegalArgumentException("Keystore may not be null"); + } + LOG.debug("Initializing trust manager"); + TrustManagerFactory tmfactory = TrustManagerFactory.getInstance( + TrustManagerFactory.getDefaultAlgorithm()); + tmfactory.init(keystore); + TrustManager[] trustmanagers = tmfactory.getTrustManagers(); + for (int i = 0; i < trustmanagers.length; i++) { + if (trustmanagers[i] instanceof X509TrustManager) { + trustmanagers[i] = new AuthSSLX509TrustManager( + (X509TrustManager)trustmanagers[i]); + } + } + return trustmanagers; + } + + private SSLContext createSSLContext() { + try { + KeyManager[] keymanagers = null; + TrustManager[] trustmanagers = null; + if (this.keystoreUrl != null) { + KeyStore keystore = createKeyStore(this.keystoreUrl, this.keystorePassword); + if (LOG.isInfoEnabled()) { + Enumeration aliases = keystore.aliases(); + while (aliases.hasMoreElements()) { + String alias = (String)aliases.nextElement(); + Certificate[] certs = keystore.getCertificateChain(alias); + if (certs != null) { + LOG.info("Certificate chain '" + alias + "':"); + for (int c = 0; c < certs.length; c++) { + if (certs[c] instanceof X509Certificate) { + X509Certificate cert = (X509Certificate)certs[c]; + LOG.info(" Certificate " + (c + 1) + ":"); + LOG.info(" Subject DN: " + cert.getSubjectDN()); + LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); + LOG.info(" Valid from: " + cert.getNotBefore() ); + LOG.info(" Valid until: " + cert.getNotAfter()); + LOG.info(" Issuer: " + cert.getIssuerDN()); + } + } + } + } + } + keymanagers = createKeyManagers(keystore, this.keystorePassword); + } + if (this.truststoreUrl != null) { + KeyStore keystore = createKeyStore(this.truststoreUrl, this.truststorePassword); + if (LOG.isInfoEnabled()) { + Enumeration aliases = keystore.aliases(); + while (aliases.hasMoreElements()) { + String alias = (String)aliases.nextElement(); + LOG.info("Trusted certificate '" + alias + "':"); + Certificate trustedcert = keystore.getCertificate(alias); + if (trustedcert != null && trustedcert instanceof X509Certificate) { + X509Certificate cert = (X509Certificate)trustedcert; + LOG.info(" Subject DN: " + cert.getSubjectDN()); + LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); + LOG.info(" Valid from: " + cert.getNotBefore() ); + LOG.info(" Valid until: " + cert.getNotAfter()); + LOG.info(" Issuer: " + cert.getIssuerDN()); + } + } + } + trustmanagers = createTrustManagers(keystore); + } + SSLContext sslcontext = SSLContext.getInstance("SSL"); + sslcontext.init(keymanagers, trustmanagers, null); + return sslcontext; + } catch (NoSuchAlgorithmException e) { + LOG.error(e.getMessage(), e); + throw new AuthSSLInitializationError("Unsupported algorithm exception: " + e.getMessage()); + } catch (KeyStoreException e) { + LOG.error(e.getMessage(), e); + throw new AuthSSLInitializationError("Keystore exception: " + e.getMessage()); + } catch (GeneralSecurityException e) { + LOG.error(e.getMessage(), e); + throw new AuthSSLInitializationError("Key management exception: " + e.getMessage()); + } catch (IOException e) { + LOG.error(e.getMessage(), e); + throw new AuthSSLInitializationError("I/O error reading keystore/truststore file: " + e.getMessage()); + } + } + + private SSLContext getSSLContext() { + if (this.sslcontext == null) { + this.sslcontext = createSSLContext(); + } + return this.sslcontext; + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int) + */ + public Socket createSocket( + String host, + int port, + InetAddress clientHost, + int clientPort) + throws IOException, UnknownHostException + { + return getSSLContext().getSocketFactory().createSocket( + host, + port, + clientHost, + clientPort + ); + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int) + */ + public Socket createSocket(String host, int port) + throws IOException, UnknownHostException + { + return getSSLContext().getSocketFactory().createSocket( + host, + port + ); + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean) + */ + public Socket createSocket( + Socket socket, + String host, + int port, + boolean autoClose) + throws IOException, UnknownHostException + { + return getSSLContext().getSocketFactory().createSocket( + socket, + host, + port, + autoClose + ); + } +} Index: contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java =================================================================== RCS file: contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java diff -N contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLX509TrustManager.java 30 May 2004 22:49:51 -0000 @@ -0,0 +1,113 @@ +/* + * $Header$ + * $Revision$ + * $Date$ + * + * ==================================================================== + * + * Copyright 2002-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + */ + +package org.apache.commons.httpclient.contrib.ssl; + +import java.security.cert.X509Certificate; + +import com.sun.net.ssl.X509TrustManager; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + *

+ * AuthSSLX509TrustManager can be used to extend the default {@link X509TrustManager} + * with additional trust decisions. + *

+ * + * @author Oleg Kalnichevski + * + *

+ * DISCLAIMER: HttpClient developers DO NOT actively support this component. + * The component is provided as a reference material, which may be inappropriate + * for use without additional customization. + *

+ */ + +public class AuthSSLX509TrustManager implements X509TrustManager +{ + private X509TrustManager defaultTrustManager = null; + + /** Log object for this class. */ + private static final Log LOG = LogFactory.getLog(AuthSSLX509TrustManager.class); + + /** + * Constructor for AuthSSLX509TrustManager. + */ + public AuthSSLX509TrustManager(final X509TrustManager defaultTrustManager) { + super(); + if (defaultTrustManager == null) { + throw new IllegalArgumentException("Trust manager may not be null"); + } + this.defaultTrustManager = defaultTrustManager; + } + + /** + * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[]) + */ + public boolean isClientTrusted(X509Certificate[] certificates) { + if (LOG.isInfoEnabled() && certificates != null) { + for (int c = 0; c < certificates.length; c++) { + X509Certificate cert = certificates[c]; + LOG.info(" Client certificate " + (c + 1) + ":"); + LOG.info(" Subject DN: " + cert.getSubjectDN()); + LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); + LOG.info(" Valid from: " + cert.getNotBefore() ); + LOG.info(" Valid until: " + cert.getNotAfter()); + LOG.info(" Issuer: " + cert.getIssuerDN()); + } + } + return this.defaultTrustManager.isClientTrusted(certificates); + } + + /** + * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(X509Certificate[]) + */ + public boolean isServerTrusted(X509Certificate[] certificates) { + if (LOG.isInfoEnabled() && certificates != null) { + for (int c = 0; c < certificates.length; c++) { + X509Certificate cert = certificates[c]; + LOG.info(" Server certificate " + (c + 1) + ":"); + LOG.info(" Subject DN: " + cert.getSubjectDN()); + LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); + LOG.info(" Valid from: " + cert.getNotBefore() ); + LOG.info(" Valid until: " + cert.getNotAfter()); + LOG.info(" Issuer: " + cert.getIssuerDN()); + } + } + return this.defaultTrustManager.isServerTrusted(certificates); + } + + /** + * @see com.sun.net.ssl.X509TrustManager#getAcceptedIssuers() + */ + public X509Certificate[] getAcceptedIssuers() { + return this.defaultTrustManager.getAcceptedIssuers(); + } +} Index: contrib/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java =================================================================== RCS file: /home/cvspublic/jakarta-commons/httpclient/src/contrib/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java,v retrieving revision 1.2.2.1 diff -u -r1.2.2.1 EasySSLProtocolSocketFactory.java --- contrib/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java 22 Feb 2004 18:21:12 -0000 1.2.2.1 +++ contrib/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java 30 May 2004 22:49:51 -0000 @@ -21,8 +21,6 @@ * information on the Apache Software Foundation, please see * . * - * [Additional notices, if required by prior licensing conditions] - * */ package org.apache.commons.httpclient.contrib.ssl; @@ -31,15 +29,14 @@ import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; -import javax.net.ssl.SSLSocketFactory; - -import com.sun.net.ssl.SSLContext; -import com.sun.net.ssl.TrustManager; import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import com.sun.net.ssl.SSLContext; +import com.sun.net.ssl.TrustManager; + /** *

* EasySSLProtocolSocketFactory can be used to creats SSL {@link Socket}s @@ -51,12 +48,38 @@ * you are perfectly aware of security implications of accepting * self-signed certificates *

+ * + *

+ * Example of using custom protocol socket factory for a specific host: + *

+ *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
+ *
+ *     HttpClient client = new HttpClient();
+ *     client.getHostConfiguration().setHost("localhost", 443, easyhttps);
+ *     // use relative url only
+ *     GetMethod httpget = new GetMethod("/");
+ *     client.executeMethod(httpget);
+ *     
+ *

+ *

+ * Example of using custom protocol socket factory per default instead of the standard one: + *

+ *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
+ *     Protocol.registerProtocol("https", easyhttps);
+ *
+ *     HttpClient client = new HttpClient();
+ *     GetMethod httpget = new GetMethod("https://localhost/");
+ *     client.executeMethod(httpget);
+ *     
+ *

* * @author Oleg Kalnichevski * + *

* DISCLAIMER: HttpClient developers DO NOT actively support this component. * The component is provided as a reference material, which may be inappropriate - * to be used without additional customization. + * for use without additional customization. + *

*/ public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory { @@ -64,38 +87,35 @@ /** Log object for this class. */ private static final Log LOG = LogFactory.getLog(EasySSLProtocolSocketFactory.class); + private SSLContext sslcontext = null; + /** * Constructor for EasySSLProtocolSocketFactory. - * - * Code sample: - * - *
- * Protocol easyhttps = new Protocol( - * "https", new EasySSLProtocolSocketFactory(), 443); - * - * HttpClient client = new HttpClient(); - * client.getHostConfiguration().setHost("localhost", 443, easyhttps); - *
*/ public EasySSLProtocolSocketFactory() { super(); } - private static SSLSocketFactory getEasySSLSocketFactory() { - SSLContext context = null; + private static SSLContext createEasySSLContext() { try { - context = SSLContext.getInstance("SSL"); + SSLContext context = SSLContext.getInstance("SSL"); context.init( null, new TrustManager[] {new EasyX509TrustManager(null)}, null); + return context; } catch (Exception e) { LOG.error(e.getMessage(), e); throw new RuntimeException(e.toString()); } - return context.getSocketFactory(); } + private SSLContext getSSLContext() { + if (this.sslcontext == null) { + this.sslcontext = createEasySSLContext(); + } + return this.sslcontext; + } /** * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int) @@ -107,13 +127,12 @@ int clientPort) throws IOException, UnknownHostException { - Socket socket = getEasySSLSocketFactory().createSocket( + return getSSLContext().getSocketFactory().createSocket( host, port, clientHost, clientPort ); - return socket; } /** @@ -121,7 +140,7 @@ */ public Socket createSocket(String host, int port) throws IOException, UnknownHostException { - return getEasySSLSocketFactory().createSocket( + return getSSLContext().getSocketFactory().createSocket( host, port ); @@ -136,7 +155,7 @@ int port, boolean autoClose) throws IOException, UnknownHostException { - return getEasySSLSocketFactory().createSocket( + return getSSLContext().getSocketFactory().createSocket( socket, host, port, Index: contrib/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java =================================================================== RCS file: /home/cvspublic/jakarta-commons/httpclient/src/contrib/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java,v retrieving revision 1.2.2.1 diff -u -r1.2.2.1 EasyX509TrustManager.java --- contrib/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java 22 Feb 2004 18:21:12 -0000 1.2.2.1 +++ contrib/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java 30 May 2004 22:49:52 -0000 @@ -21,8 +21,6 @@ * information on the Apache Software Foundation, please see * . * - * [Additional notices, if required by prior licensing conditions] - * */ package org.apache.commons.httpclient.contrib.ssl; @@ -54,9 +52,11 @@ * @author Adrian Sutton * @author Oleg Kalnichevski * + *

* DISCLAIMER: HttpClient developers DO NOT actively support this component. * The component is provided as a reference material, which may be inappropriate - * to be used without additional customization. + * for use without additional customization. + *

*/ public class EasyX509TrustManager implements X509TrustManager Index: contrib/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java =================================================================== RCS file: /home/cvspublic/jakarta-commons/httpclient/src/contrib/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java,v retrieving revision 1.1.2.1 diff -u -r1.1.2.1 StrictSSLProtocolSocketFactory.java --- contrib/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java 22 Feb 2004 18:21:12 -0000 1.1.2.1 +++ contrib/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java 30 May 2004 22:49:53 -0000 @@ -1,5 +1,5 @@ /* - * $Header: /home/cvspublic/jakarta-commons/httpclient/src/contrib/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java,v 1.1.2.1 2004/02/22 18:21:12 olegk Exp $ + * $Header: /home/cvs/jakarta-commons/httpclient/src/contrib/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.java,v 1.1.2.1 2004/02/22 18:21:12 olegk Exp $ * $Revision: 1.1.2.1 $ * $Date: 2004/02/22 18:21:12 $ * @@ -69,11 +69,11 @@ * server certificates "Common Name" field of the "SubjectDN" entry. * * @author Sebastian Hauer - * @version 1.0 - * + *

* DISCLAIMER: HttpClient developers DO NOT actively support this component. * The component is provided as a reference material, which may be inappropriate - * to be used without additional customization. + * for use without additional customization. + *

*/ public class StrictSSLProtocolSocketFactory implements SecureProtocolSocketFactory {