Getting initiator to validate the server's certificate

classic Classic list List threaded Threaded
18 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Getting initiator to validate the server's certificate

Sean LeBlanc
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
makes a difference) to validate the server's certificate. We have this
configuration:

SocketUseSSL = "Y"
SocketKeyStore = "<keystorefile>"
SocketKeyStorePassword = "<keystorefilepassword>"


This appears to do something, because if you get the password wrong,
errors will get thrown.


However, it doesn't seem to be validating the certificate the server is
using? Reason being that if I substitute another file for the keystore
with certificate that has nothing to do with the certificate the server
is using, it still connects and will send/receive messages.


Is there a way to make the client/initiator to validate the
server/acceptor's certificate?

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Kimpton, C (Chris)
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi,

Do you know that the other side forces secure connections - is it something you can control?

I had a play with this last year and found some quirks - but looks like you might have found another.

http://sourceforge.net/p/quickfixj/mailman/quickfixj-users/?viewmonth=201506 

Regards, Chris


-----Original Message-----
From: Sean LeBlanc [mailto:[hidden email]]
Sent: 12 January 2016 21:33
To: [hidden email]
Subject: [Quickfixj-users] Getting initiator to validate the server's certificate

QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


I am trying to get QuickFix/J (1.5.3, but I could update to newer if it makes a difference) to validate the server's certificate. We have this
configuration:

SocketUseSSL = "Y"
SocketKeyStore = "<keystorefile>"
SocketKeyStorePassword = "<keystorefilepassword>"


This appears to do something, because if you get the password wrong, errors will get thrown.


However, it doesn't seem to be validating the certificate the server is
using? Reason being that if I substitute another file for the keystore
with certificate that has nothing to do with the certificate the server
is using, it still connects and will send/receive messages.


Is there a way to make the client/initiator to validate the
server/acceptor's certificate?

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
_________________________________________________________________________________

This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing.
_________________________________________________________________________________

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Christoph John
In reply to this post by Sean LeBlanc
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi,

the only thing I remember in this area is http://www.quickfixj.org/jira/browse/QFJ-821 but I don't
know if it will solve your problem.
You can download a 1.7.0 snapshot here to check:
https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/

Best regards,
Christoph.


On 12/01/16 22:32, Sean LeBlanc wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
> makes a difference) to validate the server's certificate. We have this
> configuration:
>
> SocketUseSSL = "Y"
> SocketKeyStore = "<keystorefile>"
> SocketKeyStorePassword = "<keystorefilepassword>"
>
>
> This appears to do something, because if you get the password wrong,
> errors will get thrown.
>
>
> However, it doesn't seem to be validating the certificate the server is
> using? Reason being that if I substitute another file for the keystore
> with certificate that has nothing to do with the certificate the server
> is using, it still connects and will send/receive messages.
>
>
> Is there a way to make the client/initiator to validate the
> server/acceptor's certificate?
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Quickfixj-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Christoph John
Development & Support
Direct: +49 241 557080-28
Mailto:[hidden email]
       


http://www.macd.com <http://www.macd.com/>
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------
MACD GmbH
Oppenhoffallee 103
D-52066 Aachen
Tel: +49 241 557080-0 | Fax: +49 241 557080-10
         Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------

take care of the environment - print only if necessary

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Winfried Schleipen
In reply to this post by Sean LeBlanc
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



Hi,

as far as I know qfj does currently not support your scenario. The keystore is used to store your own certificate for the session and this works well.
If you want to validate the certificate of the counterparty you will have to add a kind of trust store where the root certificates for the counterparty's certifcate are stored.
I think there are some Jira tickets for this (e.g. QFJ-256) but I am not sure if this issue has been tackled so far.

You can also try and use stunnel as a proxy for secure communication and use an unencrypted connection to the stunnel proxy.


Best regards,
Winfried

Winfried Schleipen
Certified Senior IT Specialist
Global Business Services
------------------------------------------------------------------------------------------------------------------------------------------
IBM Deutschland
Sittarder Strasse 31
52078 Aachen
Phone: +49-241-5295-197
Mobile: +49-(0)151-11762672
E-Mail: [hidden email]
------------------------------------------------------------------------------------------------------------------------------------------
IBM Deutschland Global Business Solutions GmbH
Geschäftsführung: Michael Mai, Rainer Viering
Sitz der Gesellschaft: Ehningen Registergericht: Amtsgericht Stuttgart, HRB 726121




From:        Sean LeBlanc <[hidden email]>
To:        [hidden email]
Date:        01/12/2016 09:47 PM
Subject:        [Quickfixj-users] Getting initiator to validate the server's        certificate




QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support:
http://www.quickfixj.org/support/


I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
makes a difference) to validate the server's certificate. We have this
configuration:

SocketUseSSL = "Y"
SocketKeyStore = "<keystorefile>"
SocketKeyStorePassword = "<keystorefilepassword>"


This appears to do something, because if you get the password wrong,
errors will get thrown.


However, it doesn't seem to be validating the certificate the server is
using? Reason being that if I substitute another file for the keystore
with certificate that has nothing to do with the certificate the server
is using, it still connects and will send/receive messages.


Is there a way to make the client/initiator to validate the
server/acceptor's certificate?

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users





------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Winfried Schleipen
In reply to this post by Sean LeBlanc
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



Hi,

sorry for the confusion I may have created. Christoph John's reply is of course more accurate than my user view.
I am pleased to hear that the issue is going to be resolved in a new version.

Best regards,
Winfried

Winfried Schleipen
Certified Senior IT Specialist
Global Business Services
------------------------------------------------------------------------------------------------------------------------------------------
IBM Deutschland
Sittarder Strasse 31
52078 Aachen
Phone: +49-241-5295-197
Mobile: +49-(0)151-11762672
E-Mail: [hidden email]
------------------------------------------------------------------------------------------------------------------------------------------
IBM Deutschland Global Business Solutions GmbH
Geschäftsführung: Michael Mai, Rainer Viering
Sitz der Gesellschaft: Ehningen Registergericht: Amtsgericht Stuttgart, HRB 726121




From:        Sean LeBlanc <[hidden email]>
To:        [hidden email]
Date:        01/12/2016 09:47 PM
Subject:        [Quickfixj-users] Getting initiator to validate the server's        certificate




QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support:
http://www.quickfixj.org/support/


I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
makes a difference) to validate the server's certificate. We have this
configuration:

SocketUseSSL = "Y"
SocketKeyStore = "<keystorefile>"
SocketKeyStorePassword = "<keystorefilepassword>"


This appears to do something, because if you get the password wrong,
errors will get thrown.


However, it doesn't seem to be validating the certificate the server is
using? Reason being that if I substitute another file for the keystore
with certificate that has nothing to do with the certificate the server
is using, it still connects and will send/receive messages.


Is there a way to make the client/initiator to validate the
server/acceptor's certificate?

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users





------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Christoph John
In reply to this post by Sean LeBlanc
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



Hi Winfried,

thanks for the pointer. QFJ-256 indeed seems to be a ticket which can be closed now. This has been solved recently by Marcin Lamparski.

Cheers,
Chris.


On 13/01/16 09:47, Winfried Schleipen wrote:
Hi,

sorry for the confusion I may have created. Christoph John's reply is of course more accurate than my user view.
I am pleased to hear that the issue is going to be resolved in a new version.

Best regards,
Winfried

Winfried Schleipen
Certified Senior IT Specialist
Global Business Services
------------------------------------------------------------------------------------------------------------------------------------------
IBM Deutschland
Sittarder Strasse 31
52078 Aachen
Phone: +49-241-5295-197
Mobile: +49-(0)151-11762672
E-Mail: [hidden email]
------------------------------------------------------------------------------------------------------------------------------------------
IBM Deutschland Global Business Solutions GmbH
Geschäftsführung: Michael Mai, Rainer Viering
Sitz der Gesellschaft: Ehningen Registergericht: Amtsgericht Stuttgart, HRB 726121




From:        Sean LeBlanc [hidden email]
To:        [hidden email]
Date:        01/12/2016 09:47 PM
Subject:        [Quickfixj-users] Getting initiator to validate the server's        certificate




QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support:
http://www.quickfixj.org/support/


I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
makes a difference) to validate the server's certificate. We have this
configuration:

SocketUseSSL = "Y"
SocketKeyStore = "<keystorefile>"
SocketKeyStorePassword = "<keystorefilepassword>"


This appears to do something, because if you get the password wrong,
errors will get thrown.


However, it doesn't seem to be validating the certificate the server is
using? Reason being that if I substitute another file for the keystore
with certificate that has nothing to do with the certificate the server
is using, it still connects and will send/receive messages.


Is there a way to make the client/initiator to validate the
server/acceptor's certificate?

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users





--
Christoph John
Development & Support
Direct: +49 241 557080-28
Mailto:Christoph.John@...



http://www.macd.com


MACD GmbH
Oppenhoffallee 103
D-52066 Aachen
Tel: +49 241 557080-0 | Fax: +49 241 557080-10
 Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald


take care of the environment - print only if necessary

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Sean LeBlanc
In reply to this post by Christoph John
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Thanks for the replies on this, I appreciate it.

So, I've tried this snapshot jar...

https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/quickfixj-all/1.7.0-SNAPSHOT/quickfixj-all-1.7.0-20160114.154430-8.jar


But it doesn't seem to behave any differently. The client does not
appear to validate the server's certificate. Is there additional
configuration I should be doing, or additional things to try?


On 1/13/16 1:39 AM, Christoph John wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Hi,
>
> the only thing I remember in this area is http://www.quickfixj.org/jira/browse/QFJ-821 but I don't
> know if it will solve your problem.
> You can download a 1.7.0 snapshot here to check:
> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/
>
> Best regards,
> Christoph.
>
>
> On 12/01/16 22:32, Sean LeBlanc wrote:
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>> I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
>> makes a difference) to validate the server's certificate. We have this
>> configuration:
>>
>> SocketUseSSL = "Y"
>> SocketKeyStore = "<keystorefile>"
>> SocketKeyStorePassword = "<keystorefilepassword>"
>>
>>
>> This appears to do something, because if you get the password wrong,
>> errors will get thrown.
>>
>>
>> However, it doesn't seem to be validating the certificate the server is
>> using? Reason being that if I substitute another file for the keystore
>> with certificate that has nothing to do with the certificate the server
>> is using, it still connects and will send/receive messages.
>>
>>
>> Is there a way to make the client/initiator to validate the
>> server/acceptor's certificate?
>>
>> ------------------------------------------------------------------------------
>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>> Monitor end-to-end web transactions and take corrective actions now
>> Troubleshoot faster and improve end-user experience. Signup Now!
>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>> _______________________________________________
>> Quickfixj-users mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Christoph John
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi,

please check here for the SSL settings(just search for SSLto see the available parameters):
https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/doc/usermanual/usage/configuration.html

Regards,
Chris.

On 15/01/16 00:08, Sean LeBlanc wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Thanks for the replies on this, I appreciate it.
>
> So, I've tried this snapshot jar...
>
> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/quickfixj-all/1.7.0-SNAPSHOT/quickfixj-all-1.7.0-20160114.154430-8.jar
>
>
> But it doesn't seem to behave any differently. The client does not
> appear to validate the server's certificate. Is there additional
> configuration I should be doing, or additional things to try?
>
>
> On 1/13/16 1:39 AM, Christoph John wrote:
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>> Hi,
>>
>> the only thing I remember in this area is http://www.quickfixj.org/jira/browse/QFJ-821 but I don't
>> know if it will solve your problem.
>> You can download a 1.7.0 snapshot here to check:
>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/
>>
>> Best regards,
>> Christoph.
>>
>>
>> On 12/01/16 22:32, Sean LeBlanc wrote:
>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>
>>>
>>> I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
>>> makes a difference) to validate the server's certificate. We have this
>>> configuration:
>>>
>>> SocketUseSSL = "Y"
>>> SocketKeyStore = "<keystorefile>"
>>> SocketKeyStorePassword = "<keystorefilepassword>"
>>>
>>>
>>> This appears to do something, because if you get the password wrong,
>>> errors will get thrown.
>>>
>>>
>>> However, it doesn't seem to be validating the certificate the server is
>>> using? Reason being that if I substitute another file for the keystore
>>> with certificate that has nothing to do with the certificate the server
>>> is using, it still connects and will send/receive messages.
>>>
>>>
>>> Is there a way to make the client/initiator to validate the
>>> server/acceptor's certificate?
>>>
>>> ------------------------------------------------------------------------------
>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>> Monitor end-to-end web transactions and take corrective actions now
>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>> _______________________________________________
>>> Quickfixj-users mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Quickfixj-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Christoph John
Development & Support
Direct: +49 241 557080-28
Mailto:[hidden email]
       


http://www.macd.com <http://www.macd.com/>
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------
MACD GmbH
Oppenhoffallee 103
D-52066 Aachen
Tel: +49 241 557080-0 | Fax: +49 241 557080-10
         Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------

take care of the environment - print only if necessary

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Sean LeBlanc
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Yes! Thank you. For anyone else following along, after doing some
RTFM'ing, this configuration change worked:

SocketTrustStore=<truststorefile>
SocketTrustStorePassword=<password>

...this will now connect if the right store is used, and will fail with
SSL handshake error if it is not the correct store (or if the server
present the wrong certificate, I suppose).

Thanks again.


Oh, and just curious: any idea when these snapshots will be released
and/or put on Maven repo(s)?

On 1/15/16 1:01 AM, Christoph John wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Hi,
>
> please check here for the SSL settings(just search for SSLto see the available parameters):
> https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/doc/usermanual/usage/configuration.html
>
> Regards,
> Chris.
>
> On 15/01/16 00:08, Sean LeBlanc wrote:
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>> Thanks for the replies on this, I appreciate it.
>>
>> So, I've tried this snapshot jar...
>>
>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/quickfixj-all/1.7.0-SNAPSHOT/quickfixj-all-1.7.0-20160114.154430-8.jar
>>
>>
>> But it doesn't seem to behave any differently. The client does not
>> appear to validate the server's certificate. Is there additional
>> configuration I should be doing, or additional things to try?
>>
>>
>> On 1/13/16 1:39 AM, Christoph John wrote:
>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>
>>>
>>> Hi,
>>>
>>> the only thing I remember in this area is http://www.quickfixj.org/jira/browse/QFJ-821 but I don't
>>> know if it will solve your problem.
>>> You can download a 1.7.0 snapshot here to check:
>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/
>>>
>>> Best regards,
>>> Christoph.
>>>
>>>
>>> On 12/01/16 22:32, Sean LeBlanc wrote:
>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>
>>>>
>>>> I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
>>>> makes a difference) to validate the server's certificate. We have this
>>>> configuration:
>>>>
>>>> SocketUseSSL = "Y"
>>>> SocketKeyStore = "<keystorefile>"
>>>> SocketKeyStorePassword = "<keystorefilepassword>"
>>>>
>>>>
>>>> This appears to do something, because if you get the password wrong,
>>>> errors will get thrown.
>>>>
>>>>
>>>> However, it doesn't seem to be validating the certificate the server is
>>>> using? Reason being that if I substitute another file for the keystore
>>>> with certificate that has nothing to do with the certificate the server
>>>> is using, it still connects and will send/receive messages.
>>>>
>>>>
>>>> Is there a way to make the client/initiator to validate the
>>>> server/acceptor's certificate?
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>> Monitor end-to-end web transactions and take corrective actions now
>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>> _______________________________________________
>>>> Quickfixj-users mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>> ------------------------------------------------------------------------------
>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>> Monitor end-to-end web transactions and take corrective actions now
>> Troubleshoot faster and improve end-user experience. Signup Now!
>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>> _______________________________________________
>> Quickfixj-users mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Colin DuPlantis
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


I can put a new snapshot up on the Maven repo.

No idea about release dates, though.

On 01/15/2016 09:17 AM, Sean LeBlanc wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Yes! Thank you. For anyone else following along, after doing some
> RTFM'ing, this configuration change worked:
>
> SocketTrustStore=<truststorefile>
> SocketTrustStorePassword=<password>
>
> ...this will now connect if the right store is used, and will fail with
> SSL handshake error if it is not the correct store (or if the server
> present the wrong certificate, I suppose).
>
> Thanks again.
>
>
> Oh, and just curious: any idea when these snapshots will be released
> and/or put on Maven repo(s)?
>
> On 1/15/16 1:01 AM, Christoph John wrote:
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>> Hi,
>>
>> please check here for the SSL settings(just search for SSLto see the available parameters):
>> https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/doc/usermanual/usage/configuration.html
>>
>> Regards,
>> Chris.
>>
>> On 15/01/16 00:08, Sean LeBlanc wrote:
>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>
>>>
>>> Thanks for the replies on this, I appreciate it.
>>>
>>> So, I've tried this snapshot jar...
>>>
>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/quickfixj-all/1.7.0-SNAPSHOT/quickfixj-all-1.7.0-20160114.154430-8.jar
>>>
>>>
>>> But it doesn't seem to behave any differently. The client does not
>>> appear to validate the server's certificate. Is there additional
>>> configuration I should be doing, or additional things to try?
>>>
>>>
>>> On 1/13/16 1:39 AM, Christoph John wrote:
>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>
>>>>
>>>> Hi,
>>>>
>>>> the only thing I remember in this area is http://www.quickfixj.org/jira/browse/QFJ-821 but I don't
>>>> know if it will solve your problem.
>>>> You can download a 1.7.0 snapshot here to check:
>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/
>>>>
>>>> Best regards,
>>>> Christoph.
>>>>
>>>>
>>>> On 12/01/16 22:32, Sean LeBlanc wrote:
>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>
>>>>>
>>>>> I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
>>>>> makes a difference) to validate the server's certificate. We have this
>>>>> configuration:
>>>>>
>>>>> SocketUseSSL = "Y"
>>>>> SocketKeyStore = "<keystorefile>"
>>>>> SocketKeyStorePassword = "<keystorefilepassword>"
>>>>>
>>>>>
>>>>> This appears to do something, because if you get the password wrong,
>>>>> errors will get thrown.
>>>>>
>>>>>
>>>>> However, it doesn't seem to be validating the certificate the server is
>>>>> using? Reason being that if I substitute another file for the keystore
>>>>> with certificate that has nothing to do with the certificate the server
>>>>> is using, it still connects and will send/receive messages.
>>>>>
>>>>>
>>>>> Is there a way to make the client/initiator to validate the
>>>>> server/acceptor's certificate?
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>> _______________________________________________
>>>>> Quickfixj-users mailing list
>>>>> [hidden email]
>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>> ------------------------------------------------------------------------------
>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>> Monitor end-to-end web transactions and take corrective actions now
>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>> _______________________________________________
>>> Quickfixj-users mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Quickfixj-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Colin DuPlantis
Chief Architect, Marketcetera
Download, Run, Trade
888.868.4884 +1.541.306.6556
http://www.marketcetera.org


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Christoph John
In reply to this post by Sean LeBlanc
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi,

thanks for the update. Glad that it worked.
Only the releases will be automatically put on Maven central. The snapshots will only be on Sonatype.
There is currently no date for the 1.7 release.

Cheers,
Chris.


On 15/01/16 18:17, Sean LeBlanc wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Yes! Thank you. For anyone else following along, after doing some
> RTFM'ing, this configuration change worked:
>
> SocketTrustStore=<truststorefile>
> SocketTrustStorePassword=<password>
>
> ...this will now connect if the right store is used, and will fail with
> SSL handshake error if it is not the correct store (or if the server
> present the wrong certificate, I suppose).
>
> Thanks again.
>
>
> Oh, and just curious: any idea when these snapshots will be released
> and/or put on Maven repo(s)?
>
> On 1/15/16 1:01 AM, Christoph John wrote:
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>> Hi,
>>
>> please check here for the SSL settings(just search for SSLto see the available parameters):
>> https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/doc/usermanual/usage/configuration.html
>>
>> Regards,
>> Chris.
>>
>> On 15/01/16 00:08, Sean LeBlanc wrote:
>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>
>>>
>>> Thanks for the replies on this, I appreciate it.
>>>
>>> So, I've tried this snapshot jar...
>>>
>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/quickfixj-all/1.7.0-SNAPSHOT/quickfixj-all-1.7.0-20160114.154430-8.jar
>>>
>>>
>>> But it doesn't seem to behave any differently. The client does not
>>> appear to validate the server's certificate. Is there additional
>>> configuration I should be doing, or additional things to try?
>>>
>>>
>>> On 1/13/16 1:39 AM, Christoph John wrote:
>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>
>>>>
>>>> Hi,
>>>>
>>>> the only thing I remember in this area is http://www.quickfixj.org/jira/browse/QFJ-821 but I don't
>>>> know if it will solve your problem.
>>>> You can download a 1.7.0 snapshot here to check:
>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/
>>>>
>>>> Best regards,
>>>> Christoph.
>>>>
>>>>
>>>> On 12/01/16 22:32, Sean LeBlanc wrote:
>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>
>>>>>
>>>>> I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
>>>>> makes a difference) to validate the server's certificate. We have this
>>>>> configuration:
>>>>>
>>>>> SocketUseSSL = "Y"
>>>>> SocketKeyStore = "<keystorefile>"
>>>>> SocketKeyStorePassword = "<keystorefilepassword>"
>>>>>
>>>>>
>>>>> This appears to do something, because if you get the password wrong,
>>>>> errors will get thrown.
>>>>>
>>>>>
>>>>> However, it doesn't seem to be validating the certificate the server is
>>>>> using? Reason being that if I substitute another file for the keystore
>>>>> with certificate that has nothing to do with the certificate the server
>>>>> is using, it still connects and will send/receive messages.
>>>>>
>>>>>
>>>>> Is there a way to make the client/initiator to validate the
>>>>> server/acceptor's certificate?
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>> _______________________________________________
>>>>> Quickfixj-users mailing list
>>>>> [hidden email]
>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>> ------------------------------------------------------------------------------
>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>> Monitor end-to-end web transactions and take corrective actions now
>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>> _______________________________________________
>>> Quickfixj-users mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Quickfixj-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Christoph John
Development & Support
Direct: +49 241 557080-28
Mailto:[hidden email]
       


http://www.macd.com <http://www.macd.com/>
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------
MACD GmbH
Oppenhoffallee 103
D-52066 Aachen
Tel: +49 241 557080-0 | Fax: +49 241 557080-10
         Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------

take care of the environment - print only if necessary

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Colin DuPlantis
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Chris,

Do you need me to put up any more snapshots/builds on the Marketcetera repo?



On 01/19/2016 12:59 AM, Christoph John wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Hi,
>
> thanks for the update. Glad that it worked.
> Only the releases will be automatically put on Maven central. The snapshots will only be on Sonatype.
> There is currently no date for the 1.7 release.
>
> Cheers,
> Chris.
>
>
> On 15/01/16 18:17, Sean LeBlanc wrote:
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>> Yes! Thank you. For anyone else following along, after doing some
>> RTFM'ing, this configuration change worked:
>>
>> SocketTrustStore=<truststorefile>
>> SocketTrustStorePassword=<password>
>>
>> ...this will now connect if the right store is used, and will fail with
>> SSL handshake error if it is not the correct store (or if the server
>> present the wrong certificate, I suppose).
>>
>> Thanks again.
>>
>>
>> Oh, and just curious: any idea when these snapshots will be released
>> and/or put on Maven repo(s)?
>>
>> On 1/15/16 1:01 AM, Christoph John wrote:
>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>
>>>
>>> Hi,
>>>
>>> please check here for the SSL settings(just search for SSLto see the available parameters):
>>> https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/doc/usermanual/usage/configuration.html
>>>
>>> Regards,
>>> Chris.
>>>
>>> On 15/01/16 00:08, Sean LeBlanc wrote:
>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>
>>>>
>>>> Thanks for the replies on this, I appreciate it.
>>>>
>>>> So, I've tried this snapshot jar...
>>>>
>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/quickfixj-all/1.7.0-SNAPSHOT/quickfixj-all-1.7.0-20160114.154430-8.jar
>>>>
>>>>
>>>> But it doesn't seem to behave any differently. The client does not
>>>> appear to validate the server's certificate. Is there additional
>>>> configuration I should be doing, or additional things to try?
>>>>
>>>>
>>>> On 1/13/16 1:39 AM, Christoph John wrote:
>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> the only thing I remember in this area is http://www.quickfixj.org/jira/browse/QFJ-821 but I don't
>>>>> know if it will solve your problem.
>>>>> You can download a 1.7.0 snapshot here to check:
>>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/
>>>>>
>>>>> Best regards,
>>>>> Christoph.
>>>>>
>>>>>
>>>>> On 12/01/16 22:32, Sean LeBlanc wrote:
>>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>>
>>>>>>
>>>>>> I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
>>>>>> makes a difference) to validate the server's certificate. We have this
>>>>>> configuration:
>>>>>>
>>>>>> SocketUseSSL = "Y"
>>>>>> SocketKeyStore = "<keystorefile>"
>>>>>> SocketKeyStorePassword = "<keystorefilepassword>"
>>>>>>
>>>>>>
>>>>>> This appears to do something, because if you get the password wrong,
>>>>>> errors will get thrown.
>>>>>>
>>>>>>
>>>>>> However, it doesn't seem to be validating the certificate the server is
>>>>>> using? Reason being that if I substitute another file for the keystore
>>>>>> with certificate that has nothing to do with the certificate the server
>>>>>> is using, it still connects and will send/receive messages.
>>>>>>
>>>>>>
>>>>>> Is there a way to make the client/initiator to validate the
>>>>>> server/acceptor's certificate?
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>> _______________________________________________
>>>>>> Quickfixj-users mailing list
>>>>>> [hidden email]
>>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>>> ------------------------------------------------------------------------------
>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>> Monitor end-to-end web transactions and take corrective actions now
>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>> _______________________________________________
>>>> Quickfixj-users mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>> ------------------------------------------------------------------------------
>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>> Monitor end-to-end web transactions and take corrective actions now
>> Troubleshoot faster and improve end-user experience. Signup Now!
>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>> _______________________________________________
>> Quickfixj-users mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Colin DuPlantis
Chief Architect, Marketcetera
Download, Run, Trade
888.868.4884 +1.541.306.6556
http://www.marketcetera.org


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Christoph John
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi Colin,

if you could do this for the time being it would be great. Currently the uploadto Sonatype is still
work in progress and has not been tested with releases yet.

Thank you and best regards,
Chris.


On 19/01/16 17:26, Colin DuPlantis wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Chris,
>
> Do you need me to put up any more snapshots/builds on the Marketcetera repo?
>
>
>
> On 01/19/2016 12:59 AM, Christoph John wrote:
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>> Hi,
>>
>> thanks for the update. Glad that it worked.
>> Only the releases will be automatically put on Maven central. The snapshots will only be on Sonatype.
>> There is currently no date for the 1.7 release.
>>
>> Cheers,
>> Chris.
>>
>>
>> On 15/01/16 18:17, Sean LeBlanc wrote:
>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>
>>>
>>> Yes! Thank you. For anyone else following along, after doing some
>>> RTFM'ing, this configuration change worked:
>>>
>>> SocketTrustStore=<truststorefile>
>>> SocketTrustStorePassword=<password>
>>>
>>> ...this will now connect if the right store is used, and will fail with
>>> SSL handshake error if it is not the correct store (or if the server
>>> present the wrong certificate, I suppose).
>>>
>>> Thanks again.
>>>
>>>
>>> Oh, and just curious: any idea when these snapshots will be released
>>> and/or put on Maven repo(s)?
>>>
>>> On 1/15/16 1:01 AM, Christoph John wrote:
>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>
>>>>
>>>> Hi,
>>>>
>>>> please check here for the SSL settings(just search for SSLto see the available parameters):
>>>> https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/doc/usermanual/usage/configuration.html
>>>>
>>>> Regards,
>>>> Chris.
>>>>
>>>> On 15/01/16 00:08, Sean LeBlanc wrote:
>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>
>>>>>
>>>>> Thanks for the replies on this, I appreciate it.
>>>>>
>>>>> So, I've tried this snapshot jar...
>>>>>
>>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/quickfixj-all/1.7.0-SNAPSHOT/quickfixj-all-1.7.0-20160114.154430-8.jar
>>>>>
>>>>>
>>>>> But it doesn't seem to behave any differently. The client does not
>>>>> appear to validate the server's certificate. Is there additional
>>>>> configuration I should be doing, or additional things to try?
>>>>>
>>>>>
>>>>> On 1/13/16 1:39 AM, Christoph John wrote:
>>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> the only thing I remember in this area is http://www.quickfixj.org/jira/browse/QFJ-821 but I don't
>>>>>> know if it will solve your problem.
>>>>>> You can download a 1.7.0 snapshot here to check:
>>>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/
>>>>>>
>>>>>> Best regards,
>>>>>> Christoph.
>>>>>>
>>>>>>
>>>>>> On 12/01/16 22:32, Sean LeBlanc wrote:
>>>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>>>
>>>>>>>
>>>>>>> I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
>>>>>>> makes a difference) to validate the server's certificate. We have this
>>>>>>> configuration:
>>>>>>>
>>>>>>> SocketUseSSL = "Y"
>>>>>>> SocketKeyStore = "<keystorefile>"
>>>>>>> SocketKeyStorePassword = "<keystorefilepassword>"
>>>>>>>
>>>>>>>
>>>>>>> This appears to do something, because if you get the password wrong,
>>>>>>> errors will get thrown.
>>>>>>>
>>>>>>>
>>>>>>> However, it doesn't seem to be validating the certificate the server is
>>>>>>> using? Reason being that if I substitute another file for the keystore
>>>>>>> with certificate that has nothing to do with the certificate the server
>>>>>>> is using, it still connects and will send/receive messages.
>>>>>>>
>>>>>>>
>>>>>>> Is there a way to make the client/initiator to validate the
>>>>>>> server/acceptor's certificate?
>>>>>>>
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>>> _______________________________________________
>>>>>>> Quickfixj-users mailing list
>>>>>>> [hidden email]
>>>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>>>> ------------------------------------------------------------------------------
>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>> _______________________________________________
>>>>> Quickfixj-users mailing list
>>>>> [hidden email]
>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>> ------------------------------------------------------------------------------
>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>> Monitor end-to-end web transactions and take corrective actions now
>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>> _______________________________________________
>>> Quickfixj-users mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Christoph John
Development & Support
Direct: +49 241 557080-28
Mailto:[hidden email]
       


http://www.macd.com <http://www.macd.com/>
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------
MACD GmbH
Oppenhoffallee 103
D-52066 Aachen
Tel: +49 241 557080-0 | Fax: +49 241 557080-10
         Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------

take care of the environment - print only if necessary

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Colin DuPlantis
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Sure, I'll put a new 1.7 snapshot up.

Do you need a 1.6.2 snapshot as well? Do you have a release date for 1.6.2?

On 1/21/16 12:20 AM, Christoph John wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Hi Colin,
>
> if you could do this for the time being it would be great. Currently the uploadto Sonatype is still
> work in progress and has not been tested with releases yet.
>
> Thank you and best regards,
> Chris.
>
>
> On 19/01/16 17:26, Colin DuPlantis wrote:
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>> Chris,
>>
>> Do you need me to put up any more snapshots/builds on the Marketcetera repo?
>>
>>
>>
>> On 01/19/2016 12:59 AM, Christoph John wrote:
>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>
>>>
>>> Hi,
>>>
>>> thanks for the update. Glad that it worked.
>>> Only the releases will be automatically put on Maven central. The snapshots will only be on Sonatype.
>>> There is currently no date for the 1.7 release.
>>>
>>> Cheers,
>>> Chris.
>>>
>>>
>>> On 15/01/16 18:17, Sean LeBlanc wrote:
>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>
>>>>
>>>> Yes! Thank you. For anyone else following along, after doing some
>>>> RTFM'ing, this configuration change worked:
>>>>
>>>> SocketTrustStore=<truststorefile>
>>>> SocketTrustStorePassword=<password>
>>>>
>>>> ...this will now connect if the right store is used, and will fail with
>>>> SSL handshake error if it is not the correct store (or if the server
>>>> present the wrong certificate, I suppose).
>>>>
>>>> Thanks again.
>>>>
>>>>
>>>> Oh, and just curious: any idea when these snapshots will be released
>>>> and/or put on Maven repo(s)?
>>>>
>>>> On 1/15/16 1:01 AM, Christoph John wrote:
>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> please check here for the SSL settings(just search for SSLto see the available parameters):
>>>>> https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/doc/usermanual/usage/configuration.html
>>>>>
>>>>> Regards,
>>>>> Chris.
>>>>>
>>>>> On 15/01/16 00:08, Sean LeBlanc wrote:
>>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>>
>>>>>>
>>>>>> Thanks for the replies on this, I appreciate it.
>>>>>>
>>>>>> So, I've tried this snapshot jar...
>>>>>>
>>>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/quickfixj-all/1.7.0-SNAPSHOT/quickfixj-all-1.7.0-20160114.154430-8.jar
>>>>>>
>>>>>>
>>>>>> But it doesn't seem to behave any differently. The client does not
>>>>>> appear to validate the server's certificate. Is there additional
>>>>>> configuration I should be doing, or additional things to try?
>>>>>>
>>>>>>
>>>>>> On 1/13/16 1:39 AM, Christoph John wrote:
>>>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>>>
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> the only thing I remember in this area is http://www.quickfixj.org/jira/browse/QFJ-821 but I don't
>>>>>>> know if it will solve your problem.
>>>>>>> You can download a 1.7.0 snapshot here to check:
>>>>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Christoph.
>>>>>>>
>>>>>>>
>>>>>>> On 12/01/16 22:32, Sean LeBlanc wrote:
>>>>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>>>>
>>>>>>>>
>>>>>>>> I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
>>>>>>>> makes a difference) to validate the server's certificate. We have this
>>>>>>>> configuration:
>>>>>>>>
>>>>>>>> SocketUseSSL = "Y"
>>>>>>>> SocketKeyStore = "<keystorefile>"
>>>>>>>> SocketKeyStorePassword = "<keystorefilepassword>"
>>>>>>>>
>>>>>>>>
>>>>>>>> This appears to do something, because if you get the password wrong,
>>>>>>>> errors will get thrown.
>>>>>>>>
>>>>>>>>
>>>>>>>> However, it doesn't seem to be validating the certificate the server is
>>>>>>>> using? Reason being that if I substitute another file for the keystore
>>>>>>>> with certificate that has nothing to do with the certificate the server
>>>>>>>> is using, it still connects and will send/receive messages.
>>>>>>>>
>>>>>>>>
>>>>>>>> Is there a way to make the client/initiator to validate the
>>>>>>>> server/acceptor's certificate?
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>>>> _______________________________________________
>>>>>>>> Quickfixj-users mailing list
>>>>>>>> [hidden email]
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>>>>> ------------------------------------------------------------------------------
>>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>> _______________________________________________
>>>>>> Quickfixj-users mailing list
>>>>>> [hidden email]
>>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>>> ------------------------------------------------------------------------------
>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>> Monitor end-to-end web transactions and take corrective actions now
>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>> _______________________________________________
>>>> Quickfixj-users mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Colin DuPlantis
Chief Architect, Marketcetera
Download, Run, Trade
800.819.2928 x101 +1.541.306.6556
http://www.marketcetera.org


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Christoph John
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Thank you. Yes, please put up a 1.6.2 snapshot as well.
At the moment there is no fixed release date. But I hope it will be some time next month at the latest.

Cheers,
Chris.


On 21/01/16 14:26, Colin DuPlantis wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Sure, I'll put a new 1.7 snapshot up.
>
> Do you need a 1.6.2 snapshot as well? Do you have a release date for 1.6.2?
>
> On 1/21/16 12:20 AM, Christoph John wrote:
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>> Hi Colin,
>>
>> if you could do this for the time being it would be great. Currently the uploadto Sonatype is still
>> work in progress and has not been tested with releases yet.
>>
>> Thank you and best regards,
>> Chris.
>>
>>
>> On 19/01/16 17:26, Colin DuPlantis wrote:
>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>
>>>
>>> Chris,
>>>
>>> Do you need me to put up any more snapshots/builds on the Marketcetera repo?
>>>
>>>
>>>
>>> On 01/19/2016 12:59 AM, Christoph John wrote:
>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>
>>>>
>>>> Hi,
>>>>
>>>> thanks for the update. Glad that it worked.
>>>> Only the releases will be automatically put on Maven central. The snapshots will only be on Sonatype.
>>>> There is currently no date for the 1.7 release.
>>>>
>>>> Cheers,
>>>> Chris.
>>>>
>>>>
>>>> On 15/01/16 18:17, Sean LeBlanc wrote:
>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>
>>>>>
>>>>> Yes! Thank you. For anyone else following along, after doing some
>>>>> RTFM'ing, this configuration change worked:
>>>>>
>>>>> SocketTrustStore=<truststorefile>
>>>>> SocketTrustStorePassword=<password>
>>>>>
>>>>> ...this will now connect if the right store is used, and will fail with
>>>>> SSL handshake error if it is not the correct store (or if the server
>>>>> present the wrong certificate, I suppose).
>>>>>
>>>>> Thanks again.
>>>>>
>>>>>
>>>>> Oh, and just curious: any idea when these snapshots will be released
>>>>> and/or put on Maven repo(s)?
>>>>>
>>>>> On 1/15/16 1:01 AM, Christoph John wrote:
>>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> please check here for the SSL settings(just search for SSLto see the available parameters):
>>>>>> https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/doc/usermanual/usage/configuration.html
>>>>>>
>>>>>> Regards,
>>>>>> Chris.
>>>>>>
>>>>>> On 15/01/16 00:08, Sean LeBlanc wrote:
>>>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>>>
>>>>>>>
>>>>>>> Thanks for the replies on this, I appreciate it.
>>>>>>>
>>>>>>> So, I've tried this snapshot jar...
>>>>>>>
>>>>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/quickfixj-all/1.7.0-SNAPSHOT/quickfixj-all-1.7.0-20160114.154430-8.jar
>>>>>>>
>>>>>>>
>>>>>>> But it doesn't seem to behave any differently. The client does not
>>>>>>> appear to validate the server's certificate. Is there additional
>>>>>>> configuration I should be doing, or additional things to try?
>>>>>>>
>>>>>>>
>>>>>>> On 1/13/16 1:39 AM, Christoph John wrote:
>>>>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>>>>
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> the only thing I remember in this area is http://www.quickfixj.org/jira/browse/QFJ-821 but I don't
>>>>>>>> know if it will solve your problem.
>>>>>>>> You can download a 1.7.0 snapshot here to check:
>>>>>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>> Christoph.
>>>>>>>>
>>>>>>>>
>>>>>>>> On 12/01/16 22:32, Sean LeBlanc wrote:
>>>>>>>>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>>>>>>>>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
>>>>>>>>> makes a difference) to validate the server's certificate. We have this
>>>>>>>>> configuration:
>>>>>>>>>
>>>>>>>>> SocketUseSSL = "Y"
>>>>>>>>> SocketKeyStore = "<keystorefile>"
>>>>>>>>> SocketKeyStorePassword = "<keystorefilepassword>"
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> This appears to do something, because if you get the password wrong,
>>>>>>>>> errors will get thrown.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> However, it doesn't seem to be validating the certificate the server is
>>>>>>>>> using? Reason being that if I substitute another file for the keystore
>>>>>>>>> with certificate that has nothing to do with the certificate the server
>>>>>>>>> is using, it still connects and will send/receive messages.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Is there a way to make the client/initiator to validate the
>>>>>>>>> server/acceptor's certificate?
>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>>>>> _______________________________________________
>>>>>>>>> Quickfixj-users mailing list
>>>>>>>>> [hidden email]
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>>> _______________________________________________
>>>>>>> Quickfixj-users mailing list
>>>>>>> [hidden email]
>>>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>>>> ------------------------------------------------------------------------------
>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>> _______________________________________________
>>>>> Quickfixj-users mailing list
>>>>> [hidden email]
>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Christoph John
Development & Support
Direct: +49 241 557080-28
Mailto:[hidden email]
       


http://www.macd.com <http://www.macd.com/>
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------
MACD GmbH
Oppenhoffallee 103
D-52066 Aachen
Tel: +49 241 557080-0 | Fax: +49 241 557080-10
         Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------

take care of the environment - print only if necessary

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Colin DuPlantis
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



New snapshots for 1.6.2 and 1.7.0 posted for both FP and BD types.

Our naming standard for the BD versions is version-bd-SNAPSHOT, so 1.6.2-bd-SNAPSHOT, e.g.

I noticed that we were deploying to quickfixj/quickfixj in our repo but your standard for the groupId is org.quickfixj. Sorry about that. I fixed that this time around. This means that you'll need to change your build instructions:

you current say:

<dependency>
    <groupId>quickfixj</groupId>
    <artifactId>quickfixj-core</artifactId>
    <version>1.6.2</version>
</dependency>

you'll want to say:

<dependency>
    <groupId>org.quickfixj</groupId>
    <artifactId>quickfixj-core</artifactId>
    <version>1.6.2</version>
</dependency>

LMK if you have any questions or comments.

On 01/22/2016 03:17 AM, Christoph John wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Thank you. Yes, please put up a 1.6.2 snapshot as well.
At the moment there is no fixed release date. But I hope it will be some time next month at the latest.

Cheers,
Chris.


On 21/01/16 14:26, Colin DuPlantis wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Sure, I'll put a new 1.7 snapshot up.

Do you need a 1.6.2 snapshot as well? Do you have a release date for 1.6.2?

On 1/21/16 12:20 AM, Christoph John wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi Colin,

if you could do this for the time being it would be great. Currently the uploadto Sonatype is still
work in progress and has not been tested with releases yet.

Thank you and best regards,
Chris.


On 19/01/16 17:26, Colin DuPlantis wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Chris,

Do you need me to put up any more snapshots/builds on the Marketcetera repo?



On 01/19/2016 12:59 AM, Christoph John wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi,

thanks for the update. Glad that it worked.
Only the releases will be automatically put on Maven central. The snapshots will only be on Sonatype.
There is currently no date for the 1.7 release.

Cheers,
Chris.


On 15/01/16 18:17, Sean LeBlanc wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Yes! Thank you. For anyone else following along, after doing some
RTFM'ing, this configuration change worked:

SocketTrustStore=<truststorefile>
SocketTrustStorePassword=<password>

...this will now connect if the right store is used, and will fail with
SSL handshake error if it is not the correct store (or if the server
present the wrong certificate, I suppose).

Thanks again.


Oh, and just curious: any idea when these snapshots will be released
and/or put on Maven repo(s)?

On 1/15/16 1:01 AM, Christoph John wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi,

please check here for the SSL settings(just search for SSLto see the available parameters):
https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/doc/usermanual/usage/configuration.html

Regards,
Chris.

On 15/01/16 00:08, Sean LeBlanc wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Thanks for the replies on this, I appreciate it.

So, I've tried this snapshot jar...

https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/quickfixj-all/1.7.0-SNAPSHOT/quickfixj-all-1.7.0-20160114.154430-8.jar


But it doesn't seem to behave any differently. The client does not
appear to validate the server's certificate. Is there additional
configuration I should be doing, or additional things to try?


On 1/13/16 1:39 AM, Christoph John wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi,

the only thing I remember in this area is http://www.quickfixj.org/jira/browse/QFJ-821 but I don't
know if it will solve your problem.
You can download a 1.7.0 snapshot here to check:
https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/

Best regards,
Christoph.


On 12/01/16 22:32, Sean LeBlanc wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
makes a difference) to validate the server's certificate. We have this
configuration:

SocketUseSSL = "Y"
SocketKeyStore = "<keystorefile>"
SocketKeyStorePassword = "<keystorefilepassword>"


This appears to do something, because if you get the password wrong,
errors will get thrown.


However, it doesn't seem to be validating the certificate the server is
using? Reason being that if I substitute another file for the keystore
with certificate that has nothing to do with the certificate the server
is using, it still connects and will send/receive messages.


Is there a way to make the client/initiator to validate the
server/acceptor's certificate?

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users

    

-- 
Colin DuPlantis
Chief Architect, Marketcetera
Download, Run, Trade
888.868.4884 +1.541.306.6556
http://www.marketcetera.org

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Christoph John
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi Colin,

could you please tell me in which POM file you have found this? I checked them and there was always
org.quickfixj as groupID. But maybe I was grepping wrong?!

Thanks,
Chris.


On 26/01/16 18:47, Colin DuPlantis wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
>
>
> New snapshots for 1.6.2 and 1.7.0 posted for both FP and BD types.
>
> Our naming standard for the BD versions is version-bd-SNAPSHOT, so 1.6.2-bd-SNAPSHOT, e.g.
>
> I noticed that we were deploying to quickfixj/quickfixj in our repo but your standard for the
> groupId is org.quickfixj. Sorry about that. I fixed that this time around. This means that you'll
> need to change your build instructions:
>
> you current say:
>
> <dependency>
>      <groupId>quickfixj</groupId>
>      <artifactId>quickfixj-core</artifactId>
>      <version>1.6.2</version>
> </dependency>
>
> you'll want to say:
>
> <dependency>
>      <groupId>org.quickfixj</groupId>
>      <artifactId>quickfixj-core</artifactId>
>      <version>1.6.2</version>
> </dependency>
>
> LMK if you have any questions or comments.
>
> On 01/22/2016 03:17 AM, Christoph John wrote:
>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>
>>
>> Thank you. Yes, please put up a 1.6.2 snapshot as well.
>> At the moment there is no fixed release date. But I hope it will be some time next month at the latest.
>>
>> Cheers,
>> Chris.
>>
>>
>> On 21/01/16 14:26, Colin DuPlantis wrote:
>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>
>>>
>>> Sure, I'll put a new 1.7 snapshot up.
>>>
>>> Do you need a 1.6.2 snapshot as well? Do you have a release date for 1.6.2?
>>>
>>> On 1/21/16 12:20 AM, Christoph John wrote:
>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>
>>>>
>>>> Hi Colin,
>>>>
>>>> if you could do this for the time being it would be great. Currently the uploadto Sonatype is still
>>>> work in progress and has not been tested with releases yet.
>>>>
>>>> Thank you and best regards,
>>>> Chris.
>>>>
>>>>
>>>> On 19/01/16 17:26, Colin DuPlantis wrote:
>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>
>>>>>
>>>>> Chris,
>>>>>
>>>>> Do you need me to put up any more snapshots/builds on the Marketcetera repo?
>>>>>
>>>>>
>>>>>
>>>>> On 01/19/2016 12:59 AM, Christoph John wrote:
>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> thanks for the update. Glad that it worked.
>>>>>> Only the releases will be automatically put on Maven central. The snapshots will only be on Sonatype.
>>>>>> There is currently no date for the 1.7 release.
>>>>>>
>>>>>> Cheers,
>>>>>> Chris.
>>>>>>
>>>>>>
>>>>>> On 15/01/16 18:17, Sean LeBlanc wrote:
>>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>>
>>>>>>>
>>>>>>> Yes! Thank you. For anyone else following along, after doing some
>>>>>>> RTFM'ing, this configuration change worked:
>>>>>>>
>>>>>>> SocketTrustStore=<truststorefile>
>>>>>>> SocketTrustStorePassword=<password>
>>>>>>>
>>>>>>> ...this will now connect if the right store is used, and will fail with
>>>>>>> SSL handshake error if it is not the correct store (or if the server
>>>>>>> present the wrong certificate, I suppose).
>>>>>>>
>>>>>>> Thanks again.
>>>>>>>
>>>>>>>
>>>>>>> Oh, and just curious: any idea when these snapshots will be released
>>>>>>> and/or put on Maven repo(s)?
>>>>>>>
>>>>>>> On 1/15/16 1:01 AM, Christoph John wrote:
>>>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>>>
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> please check here for the SSL settings(just search for SSLto see the available parameters):
>>>>>>>> https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/doc/usermanual/usage/configuration.html
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Chris.
>>>>>>>>
>>>>>>>> On 15/01/16 00:08, Sean LeBlanc wrote:
>>>>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks for the replies on this, I appreciate it.
>>>>>>>>>
>>>>>>>>> So, I've tried this snapshot jar...
>>>>>>>>>
>>>>>>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/quickfixj-all/1.7.0-SNAPSHOT/quickfixj-all-1.7.0-20160114.154430-8.jar
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> But it doesn't seem to behave any differently. The client does not
>>>>>>>>> appear to validate the server's certificate. Is there additional
>>>>>>>>> configuration I should be doing, or additional things to try?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 1/13/16 1:39 AM, Christoph John wrote:
>>>>>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> the only thing I remember in this area ishttp://www.quickfixj.org/jira/browse/QFJ-821  but I don't
>>>>>>>>>> know if it will solve your problem.
>>>>>>>>>> You can download a 1.7.0 snapshot here to check:
>>>>>>>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/
>>>>>>>>>>
>>>>>>>>>> Best regards,
>>>>>>>>>> Christoph.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 12/01/16 22:32, Sean LeBlanc wrote:
>>>>>>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
>>>>>>>>>>> makes a difference) to validate the server's certificate. We have this
>>>>>>>>>>> configuration:
>>>>>>>>>>>
>>>>>>>>>>> SocketUseSSL = "Y"
>>>>>>>>>>> SocketKeyStore = "<keystorefile>"
>>>>>>>>>>> SocketKeyStorePassword = "<keystorefilepassword>"
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> This appears to do something, because if you get the password wrong,
>>>>>>>>>>> errors will get thrown.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> However, it doesn't seem to be validating the certificate the server is
>>>>>>>>>>> using? Reason being that if I substitute another file for the keystore
>>>>>>>>>>> with certificate that has nothing to do with the certificate the server
>>>>>>>>>>> is using, it still connects and will send/receive messages.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Is there a way to make the client/initiator to validate the
>>>>>>>>>>> server/acceptor's certificate?
>>>>>>>>>>>
>>>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>>>>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>>>>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>>>>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Quickfixj-users mailing list
>>>>>>>>>>> [hidden email]
>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>>>>> _______________________________________________
>>>>>>>>> Quickfixj-users mailing list
>>>>>>>>> [hidden email]
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>>> _______________________________________________
>>>>>>> Quickfixj-users mailing list
>>>>>>> [hidden email]
>>>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>
> --
> Colin DuPlantis
> Chief Architect, Marketcetera
> Download, Run, Trade
> 888.868.4884 +1.541.306.6556
> http://www.marketcetera.org
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>
>
> _______________________________________________
> Quickfixj-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Christoph John
Development & Support
Direct: +49 241 557080-28
Mailto:[hidden email]
       


http://www.macd.com <http://www.macd.com/>
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------
MACD GmbH
Oppenhoffallee 103
D-52066 Aachen
Tel: +49 241 557080-0 | Fax: +49 241 557080-10
         Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------

take care of the environment - print only if necessary

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Getting initiator to validate the server's certificate

Colin DuPlantis
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Yes, sorry to be unclear. I did not mean to say, "you changed the
groupId", I meant to say, "we have, for reasons unexplained, previously
deployed in our repo to quickfixj instead of org.quickfixj".

Your build instructions reflect this by requiring your own artifacts to
be listed in pom.xml as dependencies under "quickfixj/quickfixj". I
deployed, this time around, to the proper org.quickfixj in our repo.
Therefore, your build instructions should list your dependency properly
as "org.quickfixj/quickfixj".

Sorry about the confusion (we caused).

On 1/27/16 4:00 AM, Christoph John wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Hi Colin,
>
> could you please tell me in which POM file you have found this? I checked them and there was always
> org.quickfixj as groupID. But maybe I was grepping wrong?!
>
> Thanks,
> Chris.
>
>
> On 26/01/16 18:47, Colin DuPlantis wrote:
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>>
>>
>> New snapshots for 1.6.2 and 1.7.0 posted for both FP and BD types.
>>
>> Our naming standard for the BD versions is version-bd-SNAPSHOT, so 1.6.2-bd-SNAPSHOT, e.g.
>>
>> I noticed that we were deploying to quickfixj/quickfixj in our repo but your standard for the
>> groupId is org.quickfixj. Sorry about that. I fixed that this time around. This means that you'll
>> need to change your build instructions:
>>
>> you current say:
>>
>> <dependency>
>>      <groupId>quickfixj</groupId>
>>      <artifactId>quickfixj-core</artifactId>
>>      <version>1.6.2</version>
>> </dependency>
>>
>> you'll want to say:
>>
>> <dependency>
>>      <groupId>org.quickfixj</groupId>
>>      <artifactId>quickfixj-core</artifactId>
>>      <version>1.6.2</version>
>> </dependency>
>>
>> LMK if you have any questions or comments.
>>
>> On 01/22/2016 03:17 AM, Christoph John wrote:
>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>
>>>
>>> Thank you. Yes, please put up a 1.6.2 snapshot as well.
>>> At the moment there is no fixed release date. But I hope it will be some time next month at the latest.
>>>
>>> Cheers,
>>> Chris.
>>>
>>>
>>> On 21/01/16 14:26, Colin DuPlantis wrote:
>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>
>>>>
>>>> Sure, I'll put a new 1.7 snapshot up.
>>>>
>>>> Do you need a 1.6.2 snapshot as well? Do you have a release date for 1.6.2?
>>>>
>>>> On 1/21/16 12:20 AM, Christoph John wrote:
>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>
>>>>>
>>>>> Hi Colin,
>>>>>
>>>>> if you could do this for the time being it would be great. Currently the uploadto Sonatype is still
>>>>> work in progress and has not been tested with releases yet.
>>>>>
>>>>> Thank you and best regards,
>>>>> Chris.
>>>>>
>>>>>
>>>>> On 19/01/16 17:26, Colin DuPlantis wrote:
>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>
>>>>>>
>>>>>> Chris,
>>>>>>
>>>>>> Do you need me to put up any more snapshots/builds on the Marketcetera repo?
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 01/19/2016 12:59 AM, Christoph John wrote:
>>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>>
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> thanks for the update. Glad that it worked.
>>>>>>> Only the releases will be automatically put on Maven central. The snapshots will only be on Sonatype.
>>>>>>> There is currently no date for the 1.7 release.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Chris.
>>>>>>>
>>>>>>>
>>>>>>> On 15/01/16 18:17, Sean LeBlanc wrote:
>>>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>>>
>>>>>>>>
>>>>>>>> Yes! Thank you. For anyone else following along, after doing some
>>>>>>>> RTFM'ing, this configuration change worked:
>>>>>>>>
>>>>>>>> SocketTrustStore=<truststorefile>
>>>>>>>> SocketTrustStorePassword=<password>
>>>>>>>>
>>>>>>>> ...this will now connect if the right store is used, and will fail with
>>>>>>>> SSL handshake error if it is not the correct store (or if the server
>>>>>>>> present the wrong certificate, I suppose).
>>>>>>>>
>>>>>>>> Thanks again.
>>>>>>>>
>>>>>>>>
>>>>>>>> Oh, and just curious: any idea when these snapshots will be released
>>>>>>>> and/or put on Maven repo(s)?
>>>>>>>>
>>>>>>>> On 1/15/16 1:01 AM, Christoph John wrote:
>>>>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> please check here for the SSL settings(just search for SSLto see the available parameters):
>>>>>>>>> https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/doc/usermanual/usage/configuration.html
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Chris.
>>>>>>>>>
>>>>>>>>> On 15/01/16 00:08, Sean LeBlanc wrote:
>>>>>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thanks for the replies on this, I appreciate it.
>>>>>>>>>>
>>>>>>>>>> So, I've tried this snapshot jar...
>>>>>>>>>>
>>>>>>>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/quickfixj-all/1.7.0-SNAPSHOT/quickfixj-all-1.7.0-20160114.154430-8.jar
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> But it doesn't seem to behave any differently. The client does not
>>>>>>>>>> appear to validate the server's certificate. Is there additional
>>>>>>>>>> configuration I should be doing, or additional things to try?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 1/13/16 1:39 AM, Christoph John wrote:
>>>>>>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> the only thing I remember in this area ishttp://www.quickfixj.org/jira/browse/QFJ-821  but I don't
>>>>>>>>>>> know if it will solve your problem.
>>>>>>>>>>> You can download a 1.7.0 snapshot here to check:
>>>>>>>>>>> https://oss.sonatype.org/content/repositories/snapshots/org/quickfixj/
>>>>>>>>>>>
>>>>>>>>>>> Best regards,
>>>>>>>>>>> Christoph.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 12/01/16 22:32, Sean LeBlanc wrote:
>>>>>>>>>>>> QuickFIX/J Documentation:http://www.quickfixj.org/documentation/
>>>>>>>>>>>> QuickFIX/J Support:http://www.quickfixj.org/support/
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> I am trying to get QuickFix/J (1.5.3, but I could update to newer if it
>>>>>>>>>>>> makes a difference) to validate the server's certificate. We have this
>>>>>>>>>>>> configuration:
>>>>>>>>>>>>
>>>>>>>>>>>> SocketUseSSL = "Y"
>>>>>>>>>>>> SocketKeyStore = "<keystorefile>"
>>>>>>>>>>>> SocketKeyStorePassword = "<keystorefilepassword>"
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> This appears to do something, because if you get the password wrong,
>>>>>>>>>>>> errors will get thrown.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> However, it doesn't seem to be validating the certificate the server is
>>>>>>>>>>>> using? Reason being that if I substitute another file for the keystore
>>>>>>>>>>>> with certificate that has nothing to do with the certificate the server
>>>>>>>>>>>> is using, it still connects and will send/receive messages.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Is there a way to make the client/initiator to validate the
>>>>>>>>>>>> server/acceptor's certificate?
>>>>>>>>>>>>
>>>>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>>>>>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>>>>>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>>>>>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> Quickfixj-users mailing list
>>>>>>>>>>>> [hidden email]
>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>>>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>>>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>>>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Quickfixj-users mailing list
>>>>>>>>>> [hidden email]
>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>>>> _______________________________________________
>>>>>>>> Quickfixj-users mailing list
>>>>>>>> [hidden email]
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>> --
>> Colin DuPlantis
>> Chief Architect, Marketcetera
>> Download, Run, Trade
>> 888.868.4884 +1.541.306.6556
>> http://www.marketcetera.org
>>
>>
>> ------------------------------------------------------------------------------
>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>> Monitor end-to-end web transactions and take corrective actions now
>> Troubleshoot faster and improve end-user experience. Signup Now!
>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>
>>
>> _______________________________________________
>> Quickfixj-users mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Colin DuPlantis
Chief Architect, Marketcetera
Download, Run, Trade
800.819.2928 x101 +1.541.306.6556
http://www.marketcetera.org


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Loading...