Getting SSL error even after ignoring it using TrustManager

Question

I am trying to bypass certificate using the following code :

private static HttpClient wrapClient(HttpClient base) throws AGException { try { SSLContext ctx = SSLContext.getInstance("TLS");

   X509TrustManager tm = new X509TrustManager()
   {
     public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException
     {
     }

     public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
     }

     public X509Certificate[] getAcceptedIssuers() {
       return null;
     }
   };
   ctx.init(null, new TrustManager[] { tm }, null);

   SSLSocketFactory ssf = new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);


   ClientConnectionManager ccm = base.getConnectionManager();

   SchemeRegistry sr = ccm.getSchemeRegistry();

   sr.register(new Scheme("https", 443, ssf));

   return new DefaultHttpClient(ccm, base.getParams());
 }
 catch (NoSuchAlgorithmException nsaex)
 {
   throw new AGException(nsaex, "Not able to get the SSL Context");
 }
 catch (KeyManagementException kmex) {
     throw new AGException(kmex, "Not able to get the SSL Context");
 }

}

but still getting the below error javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Just to brief my assigment :

i am using putty to tunnel to a server and making SOAP over https call to connect to that server but receiving the same error even trying using above code.

Any help/suggesstions would be greatly appricates. Thanks in advance.

-Nitish

Answer 1

Don't use insecure TrustManagers.

The issue here is that the peer hasn't presented a certificate at all.