calling a web service that has an untrusted certificate using ssl in flex/air

In our flex/air application we are calling a web service over https. The web service is java based and has, at the moment, an untrusted certificate.

When doing a POST to the service with some json, the payload on the server side is pretty garbled. A popup does occur asking whether you want to continue and even when I do and add the untrusted certificate into my keychain (on the mac), the data sent through always comes through mangled.

I installed charles http proxy to see the actual traffic and it seems at times I'm getting a SSLHandshakeException back... I'm guessing this is causing the garbled data as ssl isn't being setup properly.

So, to the question - can air/flex handle untrusted certificates? Is there a workaround that you can do? For example in java with commons httpclient 开发者_如何学Cyou can work around it at the socket level.

Thanks,

Kieran

I don't know but it might help if you use the secure attribute in your server-side crossdomain.xml like this:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="mydomain.com" secure="false" />
</cross-domain-policy>