hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kalnichevski, Oleg" <oleg.kalnichev...@bearingpoint.com>
Subject RE: [Https & proxy] Impossible to connect
Date Wed, 05 Nov 2003 10:40:57 GMT
Samuel,
HttpClient does not implement its own SSL support. It relies on standard JSSE libraries to
make the magic happen. The exception you are getting is thrown by the JSSE layer, which seems
to indicate the problem with your SSL setup rather than a problem in HttpClient. Please have
a look at troubleshooting section of the HttpClient SSL guide below

http://jakarta.apache.org/commons/httpclient/sslguide.html

See if you can establish connection using plain SSLSocket. Another thing to try is hitting
the server directly (not via a proxy) to see if that makes any difference. Usually SSL via
proxy is highly prone to all sorts of mishaps due to its complexity. If possible, try to reduce
the complexity of your setup in order to pinpoint the component that causes the trouble in
the first place.

Oleg


-----Original Message-----
From: Samuel BONNANFANT [mailto:sbonnanf@yahoo.fr]
Sent: Wednesday, November 05, 2003 11:26
To: Commons HttpClient Project
Subject: RE: [Https & proxy] Impossible to connect


Thanks for your answer,

Indeed, I tried a development version of HttpClient,
since "HttpClient v2.0 rc2" didn't work as I expected.

Here are the logs with 2.0 rc2 :
2003/11/05 11:16:05:140 CET [DEBUG] HttpConnection -
-HttpConnection.setSoTimeout(0)
2003/11/05 11:16:05:187 CET [DEBUG] HttpMethodBase -
-Preemptively sending default basic credentials
2003/11/05 11:16:05:515 CET [DEBUG] HttpMethodBase -
-Default basic proxy credentials applied
2003/11/05 11:16:05:515 CET [DEBUG] HttpMethodBase -
-Execute loop try 1
2003/11/05 11:16:05:531 CET [DEBUG] wire - ->> "POST
https://abc.sam.fr:8180/toto HTTP/1.1[\r][\n]"
2003/11/05 11:16:05:531 CET [DEBUG] HttpMethodBase -
-Adding Host request header
2003/11/05 11:16:05:546 CET [DEBUG] HttpMethodBase -
-Default charset used: ISO-8859-1
2003/11/05 11:16:05:578 CET [DEBUG] wire - ->>
"application/x-www-form-urlencoded: [\r][\n]"
2003/11/05 11:16:05:593 CET [DEBUG] wire - ->>
"Proxy-Authorization: Basic c2JuOnNibjI=[\r][\n]"
2003/11/05 11:16:05:593 CET [DEBUG] wire - ->>
"User-Agent: Jakarta
Commons-HttpClient/2.0rc2[\r][\n]"
2003/11/05 11:16:05:593 CET [DEBUG] wire - ->> "Host:
abc.sam.fr:8180[\r][\n]"
2003/11/05 11:16:05:593 CET [DEBUG] wire - ->>
"Proxy-Connection: Keep-Alive[\r][\n]"
2003/11/05 11:16:05:593 CET [DEBUG] wire - ->>
"Content-Length: 774[\r][\n]"
2003/11/05 11:16:05:593 CET [DEBUG] wire - ->>
"Content-Type:
application/x-www-form-urlencoded[\r][\n]"
%% No cached client session
*** ClientHello, v3.1
RandomCookie:  GMT: 1051184357 bytes = { [...] }
Session ID:  {}
Cipher Suites:  { [...] }
Compression Methods:  { 0 }
***
[write] MD5 and SHA1 hashes:  len = 59
0000: [...]...........
main, WRITE:  SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes:  len = 77
0000: [...]
main, WRITE:  SSL v2, contentType = 22, translated
length = 16310

and... 2 mins later :
main, SEND SSL v3.1 ALERT:  fatal, description =
close_notify
main, WRITE:  SSL v3.1 Alert, length = 2

and the exception :
javax.net.ssl.SSLException: error while writing to
socket
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)

Note : it only happens if I use a client certificate.
=> It's urgent : What can I do ?
Thanks.




 --- "Kalnichevski, Oleg"
<oleg.kalnichevski@bearingpoint.com> a écrit : >
Samuel, 
> According to the log you are using the development
> version of HttpClient (currently as designated 2.1).
> I would strongly recommend using the 2.0 branch
> until CVS HEAD stabilizes somewhat. Currently
> authentication logic in CVS HEAD is completely
> broken by one of my recent patches. I am busy
> working on a fix, but it may take a while, as the
> fix is most likely to require changes in the API.
> 
> Oleg
> 
> -----Original Message-----
> From: Samuel BONNANFANT [mailto:sbonnanf@yahoo.fr]
> Sent: Wednesday, November 05, 2003 10:54
> To: commons-httpclient-dev@jakarta.apache.org
> Subject: [Https & proxy] Impossible to connect
> 
> 
> Hi, I'm using HttpClient 2.0 rc2.
> I've got a pbm when trying to connect to a HTTPS
> server (with a client certificate), using a proxy.
> 
> I saw the bug #7643 was resolved, but it seems it
> doesn't work with a client certificate.
> 
> Can anybody help me ?
> Thanks.
> 
> Here are the logs :
> 2003/11/05 10:45:06:312 CET [DEBUG]
> HttpMethodDirector
> - -Execute loop try 1
> 2003/11/05 10:45:06:421 CET [DEBUG]
> HttpMethodDirector
> - -Preemptively sending default basic credentials
> 2003/11/05 10:45:06:453 CET [DEBUG]
> HttpMethodDirector
> - -Default basic proxy credentials applied
> 2003-11-05 10:45:06,453[main]|INFO
>
|(StrictSSLProtocolSocketFactory.java:createSocket():131)|Création
> d'une socket
> 2003-11-05 10:45:06,515[main]|INFO
>
|(StrictSSLProtocolSocketFactory.java:verifyHostname():166)|Pas
> de vérification du serveur
> 2003/11/05 10:45:06:531 CET [DEBUG] wire - ->> "POST
> https://abc.sam.fr:8180/toto HTTP/1.1[\r][\n]"
> 2003/11/05 10:45:06:531 CET [DEBUG] HttpMethodBase -
> -Adding Host request header
> 2003/11/05 10:45:06:875 CET [DEBUG] HttpMethodBase -
> -Default charset used: ISO-8859-1
> 2003/11/05 10:45:06:890 CET [DEBUG] wire - ->>
> "application/x-www-form-urlencoded: [\r][\n]"
> 2003/11/05 10:45:06:890 CET [DEBUG] wire - ->>
> "User-Agent: Jakarta Commons-HttpClient[\r][\n]"
> 2003/11/05 10:45:06:890 CET [DEBUG] wire - ->>
> "Host:
> abc.sam.fr:8180[\r][\n]"
> 2003/11/05 10:45:06:906 CET [DEBUG] wire - ->>
> "Proxy-Connection: Keep-Alive[\r][\n]"
> 2003/11/05 10:45:06:906 CET [DEBUG] wire - ->>
> "Content-Length: 774[\r][\n]"
> 2003/11/05 10:45:06:906 CET [DEBUG] wire - ->>
> "Content-Type:
> application/x-www-form-urlencoded[\r][\n]"
> %% No cached client session
> *** ClientHello, v3.1
> RandomCookie:  GMT: 1051182498 bytes = { [...]}
> Session ID:  {}
> Cipher Suites:  { [...]}
> Compression Methods:  { 0 }
> ***
> [write] MD5 and SHA1 hashes:  len = 59
> 0000: [...]
> main, WRITE:  SSL v3.1 Handshake, length = 59
> [write] MD5 and SHA1 hashes:  len = 77
> 0000: [...]
> length = 16310
> 
> and after 2 or 3 min :
> main, SEND SSL v3.1 ALERT:  fatal, description =
> close_notify
> main, WRITE:  SSL v3.1 Alert, length = 2
> 2003/11/05 10:50:08:140 CET [DEBUG] HttpConnection -
> -Releasing connection back to connection manager.
> 
> The Exception :
> javax.net.ssl.SSLException: error while writing to
> socket
> 	at
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
> 	at
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> 	at
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> 	at
>
com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
> 
>
___________________________________________________________
> Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et
> en français !
> Yahoo! Mail : http://fr.mail.yahoo.com
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
>
commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> commons-httpclient-dev-help@jakarta.apache.org
> 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
>
commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> commons-httpclient-dev-help@jakarta.apache.org
>  

___________________________________________________________
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message