- From: Hans-Juergen Rennau <hrennau@yahoo.de>
- Date: Tue, 24 Feb 2015 21:28:39 +0000 (UTC)
- To: EXPath <public-expath@w3.org>, "christian.gruen@gmail.com" <christian.gruen@gmail.com>
- Message-ID: <1528672844.10959602.1424813319243.JavaMail.yahoo@mail.yahoo.com>
Hello, the HTTP Client Module ( http://expath.org/spec/http-client ) seems to me a very important initiative, as it broadens the scope of what can be achieved with self-contained XQuery programs significantly. Think of all the environments in which web services play a dominant role - there we can offer XQuery-based, lightweight tools performing various useful tasks, taking advantage of the incomparable ease of constructing, navigating and transforming XML. Recently I came across what appears to me a serious limitation of the module, which might be removed in a very simple way: presently, https connections to services with self-signed certificates are not possible, and we bump into messages like this: [experr:HC0001] java.security.cert.CertificateException: No subject alternative names matching IP address 12.34.56.789 found But self-signed certificates are very common! JMeter, the Apache framework for service testing, is not shy ( http://jmeter.apache.org/usermanual/get-started.html ): " JMeter HTTP samplers are configured to accept all certificates,whether trusted or not, regardless of validity periods, etc.This is to allow the maximum flexibility in testing servers." My proposal: can we add to the http:send-request function a feature enabling acceptance of self-signed certificates? It might be a "ignore-certificate" function parameter, or a further attribute on the http:request element. Kind regards,Hans-Juergen
Received on Tuesday, 24 February 2015 21:29:12 UTC