Please consider pulling this change. It fixes a problem where, during certificate path validation, the signature of a certificate is not verified against a trusted certificate. Note that it's still not checked whether the trusted certificate is a self-signed CA cert. (it breaks the path validation test suite), so I made a note of that in the comments.
Otherwise, this change passes the tests for me (except for SSLConfiguratorTest and TomcatTest/ClientTest, which were breaking for me even before the changes), and it looks like it's working with the GSI-SSHTerm java client when connecting to real TeraGrid SSH servers as well as my own test one.
I have a more isolated test case that I've uploaded here:
Please consider pulling this change. It fixes a problem where, during certificate path validation, the signature of a certificate is not verified against a trusted certificate. Note that it's still not checked whether the trusted certificate is a self-signed CA cert. (it breaks the path validation test suite), so I made a note of that in the comments.
Otherwise, this change passes the tests for me (except for SSLConfiguratorTest and TomcatTest/ClientTest, which were breaking for me even before the changes), and it looks like it's working with the GSI-SSHTerm java client when connecting to real TeraGrid SSH servers as well as my own test one.
I have a more isolated test case that I've uploaded here:
https://github.com/jsiwek/JGlobusPathValidationTest
That could probably be turned into a test case in ProxyPathValidatorTest.