...

The TLSClientParameters are listed here and here.

trustAllCertificates: SSL X509 certificate verification deactivation

A new feature starting in CXF 2.2.7 is the trustAllCertificates attribute for this element. It defaults to false, indicating that the SSL certificate will be checked against the X509TrustManager (if none is configured, the JVM's keystore is used); the request fails if the certificate is not trusted (unknown Certificate Authority, etc). If set to true (not recommended for production use), such checks will be bypassed. That will allow you, for example, to easily use a self-signed certificate during development.

Sample: deactivate X509 certificate checking (self-signed certificates, etc)

 ...
 <http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit">

  <!-- trust all certificates (self-signed certificate, etc)                -->
  <!-- WARNING ! trustAllCertificates=true should NOT be used in production -->
  <http-conf:tlsClientParameters trustAllCertificates="true" />
  ...
 </http-conf:conduit>
 ...

disableCNcheck: SSL hostname verification

A new feature starting in CXF 2.0.5 is the disableCNcheck attribute for this element. It defaults to false, indicating that the hostname given in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate during SOAP client requests; the request fails if there is a mismatch. If set to true (not recommended for production use), such checks will be bypassed. That will allow you, for example, to use a URL such as localhost during development.

Sample: disable HTTPS URL hostname verification (self-signed certificates, etc)

 ...
 <http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit">

   <!-- deactivate HTTPS url hostname verification (localhost, etc)    -->
   <!-- WARNING ! disableCNcheck=true should NOT be used in production -->
   <http-conf:tlsClientParameters disableCNcheck="true" />
   ...
 </http-conf:conduit>
 ...
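
One way to check a deployment for the two settings above, as an added example that is not part of the original page or of CXF itself: the script parses a Spring-style CXF configuration and reports every conduit whose tlsClientParameters sets trustAllCertificates or disableCNcheck to true. The sample configuration, the function name find_relaxed_tls and the conduit names DevPort and StrictPort are constructed for illustration.

```python
# Added example (not CXF project code): audit a CXF client configuration
# for the two relaxed TLS settings described above.
import xml.etree.ElementTree as ET

# Namespace of the http-conf configuration elements.
HTTP_CONF_NS = "http://cxf.apache.org/transports/http/configuration"
RISKY_ATTRS = ("trustAllCertificates", "disableCNcheck")

# Constructed sample configuration, embedded so the script runs offline.
SAMPLE_CONFIG = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:http-conf="http://cxf.apache.org/transports/http/configuration">
  <http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit">
    <http-conf:tlsClientParameters trustAllCertificates="true" disableCNcheck="false"/>
  </http-conf:conduit>
  <http-conf:conduit name="{http://example.com/}DevPort.http-conduit">
    <http-conf:tlsClientParameters disableCNcheck="true"/>
  </http-conf:conduit>
  <http-conf:conduit name="{http://example.com/}StrictPort.http-conduit">
    <http-conf:tlsClientParameters/>
  </http-conf:conduit>
</beans>"""


def find_relaxed_tls(config_xml):
    """Return (conduit name, attribute) pairs where a TLS check is switched off."""
    findings = []
    root = ET.fromstring(config_xml)
    for conduit in root.iter("{%s}conduit" % HTTP_CONF_NS):
        name = conduit.get("name", "<unnamed conduit>")
        for tls in conduit.iter("{%s}tlsClientParameters" % HTTP_CONF_NS):
            for attr in RISKY_ATTRS:
                # Both attributes default to false when absent.
                value = (tls.get(attr) or "").strip().lower()
                # Lenient match: accept "true" or "1", ignoring case and spaces.
                if value in ("true", "1"):
                    findings.append((name, attr))
    return findings


if __name__ == "__main__":
    for conduit_name, attr in find_relaxed_tls(SAMPLE_CONFIG):
        print("%s: %s is enabled" % (conduit_name, attr))
```

Running a check like this against production configuration files catches a development-only setting that was left in place; an empty result means neither check has been disabled in the scanned file.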

Using WSDL

Namespace

The WSDL extension elements used to configure an HTTP client are defined in the namespace http://cxf.apache.org/transports/http/configuration. It is commonly referred to using the prefix http-conf. In order to use the HTTP configuration elements you will need to add the line shown below to the definitions element of your endpoint's WSDL document.

...