Ex: Re: CAS proxy validation failure - Configured TLS trust engine was not used

Paul B. Henson henson at cpp.edu
Mon Aug 17 17:35:26 UTC 2020

> From: Cantor, Scott
> Sent: Monday, August 17, 2020 5:17 AM
> The error generally refers to a misconfigured HttpClient that's not set up with
> the proper socket factory so that the trust engine used to verify the certificate
> is actually enforced. It's a sanity check against misconfiguration because of the
> complex way the TLS verification has to be done.
> The default clients are set up with the intended socket factory, but custom
> clients are obviously custom.

Hmm, while I do plan to at some point use a custom client for CAS proxy validation, I haven't done that yet; it should be using the system default one. Also, it works the first time, but then gives that error the second time? Shouldn't it be using the same client both times? Why would it be configured correctly the first time, but incorrectly the second?

More information about the users mailing list