[thelist] Cold Fusion: cfhttp

Hassan Schroeder hassan at webtuitive.com
Sat May 1 17:14:31 CDT 2004


Ken Schaefer wrote:

> Why didn't you quote section 3.3 of that same RFC for completeness?, which
> explicitly forbids the use of username:password syntax in HTTP URLs, which I
> believe is the point that Joshua was trying to make.

Arrgh. Got me -- I plead selectively decaying memory :-)

In penance, I'll offer Drew (the OP) a suggestion; this Exception:

>   "javax.net.ssl.SSLHandshakeException: 
 >       sun.security.validator.ValidatorException:
 >       No trusted certificate found"

:: makes me think (more selective memory, possibly!) that this is the
new CF based on Java/JRun? If so, it sounds like there's no Keystore,
or the Keystore doesn't contain a root CA cert corresponding to that
of the remote site's cert. Just like a browser, a process generating
a client SSL request has to have certs to compare to the response...

And JRun may handle the details altogether differently from Tomcat,
so that's as much as I can contribute.

HTH (and sorry for the original misleading citation!),
-- 
Hassan Schroeder ----------------------------- hassan at webtuitive.com
Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com

                           dream.  code.




More information about the thelist mailing list