https support

[greg.schmidt@…]

I enhanced my version of JOSM to support https.
I don't have much time to customize it to work in general in the open source version, but wondering if you want to look over the code? I did a hack to HttpClient.java overloading it to support both Http and Https, which was the easier solution then doing it properly by making a separate HttpsClient class. I also modified the Preferences gui to allow a user to enter a P12 (pem) cert and password with a Swing Gui file finder. Anyway, not sure this is interesting to your group, but if so, I will send along code to you for someone to look at, modify as they please.

Greg

[stoecker]

I don't know what you did, but JOSM uses https as default for some time now. There are no hacks necessary to do so. E.G. ATM 89% of the accesses from JOSM to JOSM server are https already.

What did you do?

[anonymous]

Just studied your latest version. Your right it does now do the https. Definitely was different back in July.
However, you are doing https without a personal cert per user (i.e. without a 2-step authentication). My guess is the code is using a null or self trust authorization process. However, that is good to know that https has been added recently then.
Nevermind my ticket unless there is interest in a 2-step auth code.

[stoecker]

Well, that change was r6920 and in March 2014. That's two and a half year back, not recently.

There are nearly no servers who support client certificates at all, so it makes little sense for us to implement this feature, especially as it would be relatively complex involving managing multiple certificates related server names.