hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kalnichevski, Oleg" <oleg.kalnichev...@bearingpoint.com>
Subject RE: https problem
Date Thu, 20 Nov 2003 14:59:03 GMT
Xavier,
Default Sun's implementation of the X509TrustManager finds the certificate chain of this site
suspicious (issuer DN != subject DN (It's not quite clear issuer and subject of which certificate
is meant, as the certificate chain appears to consist of four certificates)) and refuses to
accept the server certificate.

Please have a look at the section "Examples of SSL customization in HttpClient" of the HttpClient
SSL guide to find out how you can augment default certificate chain validation logic. You
can use EasyX509TrustManager as a starting point and customize it as you see fit. If do not
really care about certificate validity in the most extreme case you may simply choose to trust
all the servers by always returning true from X509TrustManager#isServerTrusted.

Cheers

Oleg


-----Original Message-----
From: Xavier Frisaye [mailto:x.frisaye@t4hr.com]
Sent: Thursday, November 20, 2003 14:45
To: commons-httpclient-dev@jakarta.apache.org
Subject: https problem


Hello,

I'm a noob in https and i need to connect to a https site (https://www.socialsecurity.be/).
But when i instanciate an HttpClient i've got this exception :

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate
chaining error: issuer DN != subject DN 	
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) 	
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) 	
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) 	
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) 	
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) 	
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) 	
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) 	
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) 	
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) 	
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) 	
at org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1351)
	
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69) 	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
	
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:779)
	
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2257) 	
at org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2629) 

at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1085) 	
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:675) 	
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:530) 	
at test.securitesociale.SecuriteSocialeWebSite.getONSSNumber(SecuriteSocialeWebSite.java:38)

at test.securitesociale.TestSecuriteSociale.main(TestSecuriteSociale.java:8) Caused by: java.security.cert.CertificateException:
Certificate chaining error: issuer DN != subject DN 	
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275) 	
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275) 	
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275) 	... 18
more Exception in thread "main" 

And this is my piece of code:

     HttpClient httpclient = new HttpClient();
     GetMethod httpget = new GetMethod( "https://www.socialsecurity.be/" );
     httpclient.executeMethod( httpget );
     System.out.println( httpget.getStatusLine().toString() );

Does anyone already met this problem?

Thank you in advance for your answer



---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message