tags:

views:

546

answers:

1
Q: 

calling a web service that has an untrusted certificate using ssl in flex/air

Hi,

In our flex/air application we are calling a web service over https. The web service is java based and has, at the moment, an untrusted certificate.

When doing a POST to the service with some json, the payload on the server side is pretty garbled. A popup does occur asking whether you want to continue and even when I do and add the untrusted certificate into my keychain (on the mac), the data sent through always comes through mangled.

I installed charles http proxy to see the actual traffic and it seems at times I'm getting a SSLHandshakeException back... I'm guessing this is causing the garbled data as ssl isn't being setup properly.

So, to the question - can air/flex handle untrusted certificates? Is there a workaround that you can do? For example in java with commons httpclient you can work around it at the socket level.

Thanks,

Kieran

+1  A: 

I don't know but it might help if you use the secure attribute in your server-side crossdomain.xml like this: 

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"&gt;
<cross-domain-policy>
  <allow-access-from domain="mydomain.com" secure="false" />
</cross-domain-policy>
Jochen Hilgers  2009-10-22 14:03:54
at the mo, the http site is on an ipaddress with port number is that what needs to go in the place of the mydomain.com bit?
Kieran H  2009-10-22 14:25:49
meh... being dull. as I want all addresses to be able to access the server, it should be a *
Kieran H  2009-10-22 15:35:04
Jochen - cheers! that seems to have rectified the issue so far!
Kieran H  2009-10-23 08:15:21
great...I'm glad that i could help
Jochen Hilgers  2009-10-23 08:53:35
Argh... actually it seems to have helped, but not sorted permanently. According to the http wire logs I'm getting SSLHandshakeExceptions sporadically! The crossdomain.xml has helped but not fully resolved it, it seems.
Kieran H  2009-10-24 15:09:58

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.