hc-dev mailing list archives

From "Marc Concannon" <marc.concan...@universalred.com>
Subject Re: SSLHandshakeException: Remote host closed connection during handshake ????
Date Mon, 09 Feb 2004 14:03:36 GMT
Hi Oleg,

Thank you very much for your help; I thought that I was doing something
wrong.

I will try it with the IBM implementation

Thanks
Marc.


----- Original Message ----- 
From: "Kalnichevski, Oleg" <oleg.kalnichevski@bearingpoint.com>
To: "Commons HttpClient Project" <commons-httpclient-dev@jakarta.apache.org>
Sent: Monday, February 09, 2004 1:52 PM
Subject: RE: SSLHandshakeException: Remote host closed connection during
handshake ????


Marc,

I investigated the problem a little and this is what I have found out:

(1) The problem has nothing to do with HttpClient as such
(2) The culprit is most likely Sun's implementation of SSL (or its
default settings)
(3) IBM JDK (I used Websphere appclient 5.0.1 for my test) does not exhibit
the problem

Below I am attaching the source of my simple test application as well as
resultant console output. I leave it up to you to figure out what
particularly the site does not like about Sun's default SSL settings.

Good luck

Oleg


============================================================================
=================

package org.apache.commons.httpclient;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

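/**
 * Stand-alone SSL diagnostic: opens an SSL socket to
 * {@link #TARGET_HTTPS_SERVER}, sends one bare HTTP GET and echoes the
 * response, plus the certificate chain the server presented, to standard
 * output.
 *
 * <p>Diagnostic use only. The nested trust manager accepts any
 * single-certificate chain whose validity period covers the current time, so
 * the connection made here is encrypted but the peer is not authenticated.
 */
public class SSLTest
{

    public static final String TARGET_HTTPS_SERVER = "mail.webavinet.net";
    public static final int TARGET_HTTPS_PORT = 443;

    public static void main(String[] args) throws Exception
    {
        SSLTest test = new SSLTest();
        test.doStuff();
    }

    /**
     * Connects to the target, writes a minimal HTTP request and prints every
     * response line until the server closes the stream.
     *
     * @throws IOException if the socket cannot be opened, the handshake fails
     *         or the request/response I/O fails
     * @throws RuntimeException if the SSL context or trust manager cannot be
     *         created; the original exception is attached as the cause
     */
    public void doStuff() throws IOException
    {
        SSLContext context = null;
        try
        {
            // Protocol name as posted. Which protocol versions "SSL" enables is
            // provider-dependent; the thread suspects exactly these defaults.
            context = SSLContext.getInstance("SSL");
            // null key managers / null SecureRandom: use the provider defaults.
            context.init(
                null,
                new TrustManager[] { new TestX509TrustManager(null) },
                null);
        } catch (Exception e)
        {
            // Same message as before, but keep the cause so the real stack
            // trace of the setup failure is not lost.
            throw new RuntimeException(e.toString(), e);
        }
        SSLSocketFactory factory = context.getSocketFactory();
        // NOTE(review): a raw SSLSocket is used and no host-name comparison
        // against the certificate appears anywhere in this class.
        Socket socket = factory.createSocket(TARGET_HTTPS_SERVER, TARGET_HTTPS_PORT);
        try
        {
            Writer out = new OutputStreamWriter(socket.getOutputStream(), "ISO-8859-1");
            out.write("GET / HTTP/1.1\r\n");
            out.write("Host: " + TARGET_HTTPS_SERVER + ":" + TARGET_HTTPS_PORT + "\r\n");
            out.write("Agent: SSL-TEST\r\n");
            out.write("\r\n");
            out.flush();
            BufferedReader in =
                new BufferedReader(new InputStreamReader(socket.getInputStream(), "ISO-8859-1"));
            String line = null;
            // Reads until end of stream, i.e. until the server closes the
            // connection; a server that keeps the connection alive will leave
            // this loop blocked.
            while ((line = in.readLine()) != null)
            {
                System.out.println(line);
            }
        } finally
        {
            socket.close();
        }
    }

    /**
     * Trust manager that prints the server's chain and relaxes validation for
     * single-certificate chains; everything else is delegated to the
     * platform trust manager obtained in the constructor.
     *
     * <p>Security caveat: for a chain of exactly one certificate the only
     * check performed is {@code checkValidity()} (the notBefore/notAfter
     * dates). Signature, issuer and subject are never examined, so any
     * unexpired lone certificate is accepted from any peer. To trust one known
     * self-signed server outside a throw-away test, import its certificate
     * into a dedicated key store, pass that store to the constructor and drop
     * the single-certificate branch so the delegate decides.
     */
    private static class TestX509TrustManager implements X509TrustManager
    {
        private final X509TrustManager standardTrustManager;

        /**
         * @param keystore trust anchors for the delegate; {@code null} is
         *        passed straight to {@code TrustManagerFactory.init}
         * @throws NoSuchAlgorithmException if the "IBMX509" algorithm is
         *         unavailable or yields no trust managers
         * @throws KeyStoreException if the factory cannot be initialised from
         *         {@code keystore}
         */
        public TestX509TrustManager(KeyStore keystore)
            throws NoSuchAlgorithmException, KeyStoreException
        {
            super();
            // "IBMX509" is what the author ran against (IBM JDK); on another
            // JRE, TrustManagerFactory.getDefaultAlgorithm() is the portable
            // name to request.
            TrustManagerFactory factory = TrustManagerFactory.getInstance("IBMX509");
            factory.init(keystore);
            TrustManager[] trustmanagers = factory.getTrustManagers();
            if (trustmanagers.length == 0)
            {
                // The posted listing had this literal split across two lines
                // by mail wrapping, which does not compile; rejoined here.
                throw new NoSuchAlgorithmException("IBMX509 trust manager not supported");
            }
            this.standardTrustManager = (X509TrustManager) trustmanagers[0];
        }

        /** Delegates client-certificate validation unchanged. */
        public void checkClientTrusted(X509Certificate[] certificates, String authType)
            throws CertificateException
        {
            this.standardTrustManager.checkClientTrusted(certificates, authType);
        }

        /**
         * Prints each certificate, then accepts a one-element chain on its
         * validity dates alone; longer (or null) chains go to the delegate.
         *
         * @throws CertificateException if the lone certificate is expired or
         *         not yet valid, or if the delegate rejects the chain
         */
        public void checkServerTrusted(X509Certificate[] certificates, String authType)
            throws CertificateException
        {
            if (certificates != null)
            {
                for (int i = 0; i < certificates.length; i++)
                {
                    System.out.println("X509Certificate[" + i + "]=" + certificates[i]);
                }
            }
            if ((certificates != null) && (certificates.length == 1))
            {
                // SECURITY: date check only -- no chain building, no signature
                // verification, no pinning. Kept because the test exists to get
                // past an untrusted certificate and observe the handshake.
                X509Certificate certificate = certificates[0];
                certificate.checkValidity();
            } else
            {
                this.standardTrustManager.checkServerTrusted(certificates, authType);
            }
        }

        /** Returns the delegate's accepted issuers. */
        public X509Certificate[] getAcceptedIssuers()
        {
            return this.standardTrustManager.getAcceptedIssuers();
        }
    }
}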

============================================================================
=================

X509Certificate[0]=[
[
  Version: V1
  Subject: EmailAddress=pgancarz@arinc.com, CN=mail.webavinet.net, OU=IAE
(Messaging), O=ARINC, L=Annapolis, ST=Maryland, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  IBMJCE RSA Public Key:
modulus:
1423588683370721767264887729142023533662974963211621721533966995971744620253
0474571576955178067655413210134504743950073974130282657844520230548883049573
5617834443145722322852654248571640150331241423812602415726748191134796041239
2992430263285298749913463889044106113966704996233618800437364267847310576953
56909
public exponent:
65537

  Validity: [From: Thu Feb 15 22:41:54 CET 2001,
               To: Sun Feb 13 22:41:54 CET 2011]
  Issuer: EmailAddress=pgancarz@arinc.com, CN=mail.webavinet.net, OU=IAE
(Messaging), O=ARINC, L=Annapolis, ST=Maryland, C=US
  SerialNumber: [  0  ]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: 6F 91 1F 64 1F DA 13 75   EC 1C 1B 83 DD C6 C3 77  o..d...u.......w
0010: 00 01 F4 4C A8 49 53 E5   AB B3 A4 12 EA C6 37 C4  ...L.IS.......7.
0020: 45 78 CC EC F1 EE 64 9D   30 78 F4 36 4B 76 8E 94  Ex....d.0x.6Kv..
0030: BF 5C D7 67 5F DD D6 05   AC 59 45 6A F9 61 00 47  .\.g_....YEj.a.G
0040: 29 86 17 24 90 6D 9B 6F   04 48 58 5D 20 EC 01 8A  )..$.m.o.HX] ...
0050: EF 67 56 35 45 35 25 F4   39 CF 97 F2 AC 4E F0 D9  .gV5E5%.9....N..
0060: 2D 2F 43 3F D1 69 14 5D   E2 56 D3 90 96 59 8D BA  -/C?.i.].V...Y..
0070: 88 EF 65 87 32 33 6E 72   D9 66 6C 33 3F 7F A9 70  ..e.23nr.fl3?..p

]
HTTP/1.0 200 OK
Date: Mon, 09 Feb 2004 13:40:38 GMT
Expires: Tue, 01 Jan 1980 1:00:00 GMT
Cache-Control: no-cache
Cache-Control: must-revalidate
Pragma: no-cache
Message-Id: <3CB6B20D@mhsws001anp>
Content-Length: 1933
Content-type: text/html
Last-Modified: Mon, 09 Feb 2004 13:40:38 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0030)https://www.webavinet.com:444/ -->
<HTML><HEAD><TITLE>AviNet Mail Login</TITLE>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 5.50.4134.600" name=GENERATOR></HEAD>
<BODY text=#000000 vLink=#003366 aLink=#008fff link=#3333FF bgColor=#FFFFFF
background="/html/default/background.gif">
<FORM action=/MBX/ID=3A75A5FD method=post>
  <p align="left"><img src="/html/default/mailbox.JPG" width="153"
height="171" alt="ARINC AviNet Mail">
    <b><img src="/html/default/webmail3.JPG" width="367" height="166"
align="top" alt="ARINC AviNet Mail"></b></p>
  <p align="left"><b><font face="Arial, Helvetica,
sans-serif">Username:</font></b>
    <font face="Arial, Helvetica, sans-serif">
    <input align=middle size=35 name=User cols="35" rows="1">
    <br>
    <b>Password:</b>
    <input type=password size=25 name=Password rows="1">
    <input type=submit alt=Login align=bottom value="Log In" name=DoLogin2>
    <INPUT type=hidden
value=/MBX/ID=3A75A5FD name=RequestURL>
    <INPUT type=hidden name=SaveUser>
    <INPUT
type=hidden value=DoItNow name=DoLogin>
    <br>
    <br>
    <b>Please enter your AviNet user ID and password,<br>
    then click the Log In button to enter the system.</b></font></p>
  <p align="left"> <font size="-1" face="Arial, Helvetica, sans-serif">Visit
<a href="http://www.arinc.com">ARINC's
    Home Page</a>! </font> </p>
</FORM>
<p align="left"> <font face="Arial, Helvetica, sans-serif"><IMG alt=SSL
src="/html/default/ssl-lock.gif"
border=0 width="20" height="22">&nbsp;Secure mode active.<br>

<HR><CENTER><img src="/ssl-lock.gif" alt="SSL" border=0>&nbsp;Secure
mode
active.</CENTER>
<HR>
<CENTER>
Powered by Infinite InterChange (WebMail Interface) v3.61.02 -- &copy;
Copyright 1995-2000 by Infinite Technologies
</CENTER>


============================================================================
=================

-----Original Message-----
From: Marc Concannon [mailto:marcconcannon@eircom.net]
Sent: Friday, February 06, 2004 20:09
To: commons-httpclient-dev@jakarta.apache.org
Subject: SSLHandshakeException: Remote host closed connection during
handshake ????


Hi,

I'm having a few problems connecting to a https server.

I keep getting the following exception being thrown.

the address is:  https://mail.webavinet.net/

It uses a self-issued certificate, so I'm using the
EasySSLProtocolSocketFactory to get around
the fact that the cert is not trusted, but the problem is still there.

I'm using the simple sample code for connecting to a socket as supplied by
the commons/httpclient website (with mods for above).

It wouldn't be anything to do with the cert being 1024bit?

Anyone any ideas???

Thanks
Marc Concannon

Failed to download file.
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
 at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
 at
org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpC
onnection.java:1368)
 at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
 at java.io.BufferedOutputStream.flush(Unknown Source)
 at
org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpCo
nnection.java:799)
 at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.jav
a:2277)
 at
org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.j
ava:2657)
 at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:109
3)
 at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:674)
 at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
 at
com.universalred.connectix.TcpConnectionManager.getHttpsConnection(TcpConnec
tionManager.java:184)
 at
com.universalred.connectix.NewRequestManagement.newPositiveFileUpdate(NewReq
uestManagement.java:34)
 at
com.universalred.connectix.FileDirectoryMonitor.run(FileDirectoryMonitor.jav
a:76)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
 at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
 ... 16 more

---------------------------------------------------------------------
To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org

