hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ulrich Freyer-Hirtz" <Ulrich.Freyer-Hi...@valtech.de>
Subject AW: Proxied SSL connection
Date Tue, 05 Aug 2003 15:03:11 GMT
>I agree with Oleg here.  It seems this server is not configured as an 
>SSL proxy.  
May be at another port. There are running two Apache. One as Proxy, one as WebServer. I'll
try to find out the port-configuration.
I'm wondering, who creates that CONNECT-Statement ? Ask the Client the Server : "What Protocoll
do you have at Port 80?" ? I told the client to be myHttps  (which is the Instantiation of
my SSLProtocol written for the workaround "untrusted certificates") not to be HTTP.

>Apache is capable of handling SSL tunneling via CONNECT but 
>it appears to not be configured that way.  Also I am wondering why you 
>are using NTLM authentication with Apache.
The Code was stolen from an example out of a thread from this list, discussing a similary
theme. Just checked it out with UserPasswordCredentials, but there was no success. 

What about the SSL Testprogramm. It runs with example "www.verisign.com". Does that really
mean, that everything in SSL-configuration is all right. Why throws it an "Caused by: java.security.cert.CertificateException:
Could not find trusted certificate"-Exception ? Do I have to register our certificate on Cleint-Site
? In the program ?

uli



Mike

Kalnichevski, Oleg wrote:
> Ulrich,
> 
> You are trying to use a normal HTTP server as if it were a proxy. Of course, that cannot
work. The server is absolutely correct about rejecting the request as syntactically incorrect
(status code 400)
> 
> CEST [DEBUG] wire - ->> "CONNECT https://vkk.valtech.de:80 HTTP/1.1"
> CEST [DEBUG] wire - ->> "User-Agent: Jakarta Commons-HttpClient/2.0rc1[\r][\n]"
> CEST [DEBUG] wire - ->> "Host: https://vkk.valtech.de:80[\r][\n]"
> CEST [DEBUG] wire - ->> "Proxy-Connection: Keep-Alive[\r][\n]"
> CEST [DEBUG] wire - ->> "[\r][\n]"
> CEST [DEBUG] wire - -<< "HTTP/1.1 400 Bad Request[\r][\n]"
> CEST [DEBUG] wire - -<< "Date: Tue, 05 Aug 2003 10:04:14 GMT[\r][\n]"
> CEST [DEBUG] wire - -<< "Server: Apache/1.3.26 (Unix) mod_perl/1.27[\r][\n]"
> CEST [DEBUG] wire - -<< "Connection: close[\r][\n]"
> CEST [DEBUG] wire - -<< "Transfer-Encoding: chunked[\r][\n]"
> CEST [DEBUG] wire - -<< "Content-Type: text/html; charset=iso-8859-1[\r][\n]"
> 
> Please contact your network administrator to find out what port the proxy server is listening
on
> 
> Oleg
> 
> 
> -----Original Message-----
> From: Ulrich Freyer-Hirtz [mailto:Ulrich.Freyer-Hirtz@valtech.de]
> Sent: Tuesday, August 05, 2003 3:30 PM
> To: Commons HttpClient Project
> Subject: AW: Proxied SSL connection
> 
> 
> 
>>Apparently your attachment got rejected by the mail server. Try posting it in ZIP
format.
> 
> Here it comes as zip....
> Also I've some failure in configuration, it would be helpful, if someone could tell me,
that the code should work.
> 
> 
>>You need to know exactly what port your proxy is listening on. Do you know what type
of proxy you are using?
>>Have a look at the "Known limitations and problems" section of the SSL guide. 
>>http://jakarta.apache.org/commons/httpclient/sslguide.html
> 
> 
> Thanks for fast response. I'll check that out and try again.
> Keep you informed.
> 
> Greetings
> uli
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message