hc-dev mailing list archives

From "Kalnichevski, Oleg" <oleg.kalnichev...@bearingpoint.com>
Subject RE: SSLHandshakeException: Remote host closed connection during handshake ????
Date Mon, 09 Feb 2004 13:52:58 GMT
Marc,

I investigated the problem a little and this is what I have found out:

(1) The problem has nothing to do with HttpClient as such
(2) The culprit is most likely Sun's implementation of SSL (or its default settings)
(3) The IBM JDK (I used WebSphere appclient 5.0.1 for my test) does not exhibit the problem

Below I am attaching the source of my simple test application as well as the resulting console
output. I leave it up to you to figure out what in particular the site does not like about
Sun's default SSL settings.

Good luck

Oleg


=============================================================================================

package org.apache.commons.httpclient;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

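/**
 * Stand-alone diagnostic that opens an SSL socket to {@link #TARGET_HTTPS_SERVER}, sends a
 * minimal HTTP GET request and prints the server's certificate chain and raw response to
 * standard output.
 *
 * <p><b>Diagnostic use only.</b> The trust manager installed by {@link #doStuff()} accepts a
 * server that presents exactly one certificate as long as that certificate is within its
 * validity period; the issuer and signature are not examined on that path. Nothing in this
 * class compares the certificate subject with the host name either. A connection set up this
 * way is therefore encrypted but the peer is not authenticated. To trust one known self-signed
 * server instead, load its certificate into a {@link KeyStore}, pass that key store to the
 * trust manager factory and remove the single-certificate shortcut in
 * {@code checkServerTrusted}.
 */
public class SSLTest
{

    /** Host name of the HTTPS server the test connects to. */
    public static final String TARGET_HTTPS_SERVER = "mail.webavinet.net";
    /** TCP port of the HTTPS server the test connects to. */
    public static final int TARGET_HTTPS_PORT = 443;

    /**
     * Runs the test once against the configured host and port.
     *
     * @param args ignored
     * @throws Exception if the connection or the handshake fails
     */
    public static void main(String[] args) throws Exception
    {
        SSLTest test = new SSLTest();
        test.doStuff();
    }

    /**
     * Connects to the target over SSL, writes a GET request for {@code /} and echoes every
     * response line to standard output until the server closes the stream.
     *
     * @throws IOException if the socket cannot be opened or the exchange fails
     * @throws RuntimeException if the SSL context or the trust manager cannot be created; the
     *         original exception is attached as the cause
     */
    public void doStuff() throws IOException
    {
        SSLContext context = null;
        try
        {
            // "SSL" is the generic protocol name; which protocol versions the resulting
            // sockets offer is decided by the JSSE provider - NOTE(review): confirm for the
            // JDK in use when comparing handshake behaviour between vendors.
            context = SSLContext.getInstance("SSL");
            context.init(null, new TrustManager[] { new TestX509TrustManager(null)}, null);
        } catch (Exception e)
        {
            // Same message as before, but keep the original exception as the cause so the
            // stack trace of the failing JSSE call is not lost.
            throw new RuntimeException(e.toString(), e);
        }
        SSLSocketFactory factory = context.getSocketFactory();
        // No host name check is requested for this socket; only the trust manager above
        // decides whether the peer is accepted.
        Socket socket = factory.createSocket(TARGET_HTTPS_SERVER, TARGET_HTTPS_PORT);
        try
        {
            Writer out = new OutputStreamWriter(socket.getOutputStream(), "ISO-8859-1");
            out.write("GET / HTTP/1.1\r\n");
            out.write("Host: " + TARGET_HTTPS_SERVER + ":" + TARGET_HTTPS_PORT + "\r\n");
            out.write("Agent: SSL-TEST\r\n");
            out.write("\r\n");
            // The first write/flush is what drives the handshake on a lazily connected
            // SSL socket, so handshake failures surface here.
            out.flush();
            BufferedReader in =
                new BufferedReader(new InputStreamReader(socket.getInputStream(), "ISO-8859-1"));
            String line = null;
            // Reads until end of stream, i.e. until the server closes the connection.
            while ((line = in.readLine()) != null)
            {
                System.out.println(line);
            }
        } finally
        {
            // Closing the socket also releases the reader and writer wrapped around it.
            socket.close();
        }
    }

    /**
     * Trust manager that prints the server certificate chain and relaxes validation for
     * single-certificate chains; every other decision is delegated to the platform trust
     * manager obtained in the constructor.
     *
     * <p>Declared static because it does not use any state of the enclosing instance.
     */
    private static class TestX509TrustManager implements X509TrustManager
    {
        /** Platform trust manager that performs the real chain validation. */
        private final X509TrustManager standardTrustManager;

        /**
         * Creates the wrapper around the first trust manager produced by the factory.
         *
         * @param keystore trust anchors handed to the factory; {@code null} is passed through
         *        unchanged, which leaves the choice of trust store to the factory
         * @throws NoSuchAlgorithmException if the {@code IBMX509} algorithm is unavailable or
         *         yields no trust manager
         * @throws KeyStoreException if the factory cannot be initialised from the key store
         */
        public TestX509TrustManager(KeyStore keystore)
            throws NoSuchAlgorithmException, KeyStoreException
        {
            super();
            // "IBMX509" is a vendor-specific algorithm name, so this lookup only succeeds on
            // a JDK whose provider registers it.
            TrustManagerFactory factory = TrustManagerFactory.getInstance("IBMX509");
            factory.init(keystore);
            TrustManager[] trustmanagers = factory.getTrustManagers();
            if (trustmanagers.length == 0)
            {
                throw new NoSuchAlgorithmException("IBMX509 trust manager not supported");
            }
            this.standardTrustManager = (X509TrustManager) trustmanagers[0];
        }

        /**
         * Delegates client certificate validation to the platform trust manager.
         *
         * @throws CertificateException if the platform trust manager rejects the chain
         */
        public void checkClientTrusted(X509Certificate[] certificates, String authType)
            throws CertificateException
        {
            this.standardTrustManager.checkClientTrusted(certificates, authType);
        }

        /**
         * Prints every certificate of the server chain, then decides whether to accept it.
         *
         * <p>A chain of exactly one certificate is accepted on its validity dates alone:
         * {@code checkValidity()} only verifies that the current date lies inside the
         * certificate's validity period. Signature, issuer and subject are not checked on
         * that path, so any single unexpired certificate passes. All other chains, including
         * a {@code null} array, go to the platform trust manager.
         *
         * @throws CertificateException if the single certificate is expired or not yet valid,
         *         or if the platform trust manager rejects the chain
         */
        public void checkServerTrusted(X509Certificate[] certificates, String authType)
            throws CertificateException
        {
            if (certificates != null)
            {
                for (int i = 0; i < certificates.length; i++)
                {
                    System.out.println("X509Certificate[" + i + "]=" + certificates[i]);
                }
            }
            if ((certificates != null) && (certificates.length == 1))
            {
                // Validation shortcut for the self-signed test server: dates only.
                X509Certificate certificate = certificates[0];
                certificate.checkValidity();
            } else
            {
                this.standardTrustManager.checkServerTrusted(certificates, authType);
            }
        }

        /**
         * Returns the issuers accepted by the platform trust manager.
         */
        public X509Certificate[] getAcceptedIssuers()
        {
            return this.standardTrustManager.getAcceptedIssuers();
        }
    }
}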

=============================================================================================

X509Certificate[0]=[
[
  Version: V1
  Subject: EmailAddress=pgancarz@arinc.com, CN=mail.webavinet.net, OU=IAE (Messaging), O=ARINC,
L=Annapolis, ST=Maryland, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  IBMJCE RSA Public Key:
modulus:
142358868337072176726488772914202353366297496321162172153396699597174462025304745715769551780676554132101345047439500739741302826578445202305488830495735617834443145722322852654248571640150331241423812602415726748191134796041239299243026328529874991346388904410611396670499623361880043736426784731057695356909
public exponent:
65537

  Validity: [From: Thu Feb 15 22:41:54 CET 2001,
               To: Sun Feb 13 22:41:54 CET 2011]
  Issuer: EmailAddress=pgancarz@arinc.com, CN=mail.webavinet.net, OU=IAE (Messaging), O=ARINC,
L=Annapolis, ST=Maryland, C=US
  SerialNumber: [  0  ]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: 6F 91 1F 64 1F DA 13 75   EC 1C 1B 83 DD C6 C3 77  o..d...u.......w
0010: 00 01 F4 4C A8 49 53 E5   AB B3 A4 12 EA C6 37 C4  ...L.IS.......7.
0020: 45 78 CC EC F1 EE 64 9D   30 78 F4 36 4B 76 8E 94  Ex....d.0x.6Kv..
0030: BF 5C D7 67 5F DD D6 05   AC 59 45 6A F9 61 00 47  .\.g_....YEj.a.G
0040: 29 86 17 24 90 6D 9B 6F   04 48 58 5D 20 EC 01 8A  )..$.m.o.HX] ...
0050: EF 67 56 35 45 35 25 F4   39 CF 97 F2 AC 4E F0 D9  .gV5E5%.9....N..
0060: 2D 2F 43 3F D1 69 14 5D   E2 56 D3 90 96 59 8D BA  -/C?.i.].V...Y..
0070: 88 EF 65 87 32 33 6E 72   D9 66 6C 33 3F 7F A9 70  ..e.23nr.fl3?..p

]
HTTP/1.0 200 OK
Date: Mon, 09 Feb 2004 13:40:38 GMT
Expires: Tue, 01 Jan 1980 1:00:00 GMT
Cache-Control: no-cache
Cache-Control: must-revalidate
Pragma: no-cache
Message-Id: <3CB6B20D@mhsws001anp>
Content-Length: 1933
Content-type: text/html
Last-Modified: Mon, 09 Feb 2004 13:40:38 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0030)https://www.webavinet.com:444/ -->
<HTML><HEAD><TITLE>AviNet Mail Login</TITLE>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 5.50.4134.600" name=GENERATOR></HEAD>
<BODY text=#000000 vLink=#003366 aLink=#008fff link=#3333FF bgColor=#FFFFFF background="/html/default/background.gif">
<FORM action=/MBX/ID=3A75A5FD method=post>
  <p align="left"><img src="/html/default/mailbox.JPG" width="153" height="171" alt="ARINC
AviNet Mail"> 
    <b><img src="/html/default/webmail3.JPG" width="367" height="166" align="top"
alt="ARINC AviNet Mail"></b></p>
  <p align="left"><b><font face="Arial, Helvetica, sans-serif">Username:</font></b>

    <font face="Arial, Helvetica, sans-serif">
    <input align=middle size=35 name=User cols="35" rows="1">
    <br>
    <b>Password:</b> 
    <input type=password size=25 name=Password rows="1">
    <input type=submit alt=Login align=bottom value="Log In" name=DoLogin2>
    <INPUT type=hidden 
value=/MBX/ID=3A75A5FD name=RequestURL>
    <INPUT type=hidden name=SaveUser>
    <INPUT 
type=hidden value=DoItNow name=DoLogin>
    <br>
    <br>
    <b>Please enter your AviNet user ID and password,<br>
    then click the Log In button to enter the system.</b></font></p>
  <p align="left"> <font size="-1" face="Arial, Helvetica, sans-serif">Visit <a
href="http://www.arinc.com">ARINC's 
    Home Page</a>! </font> </p>
</FORM>
<p align="left"> <font face="Arial, Helvetica, sans-serif"><IMG alt=SSL src="/html/default/ssl-lock.gif"

border=0 width="20" height="22">&nbsp;Secure mode active.<br>
  
<HR><CENTER><img src="/ssl-lock.gif" alt="SSL" border=0>&nbsp;Secure
mode active.</CENTER>
<HR>
<CENTER>
Powered by Infinite InterChange (WebMail Interface) v3.61.02 -- &copy; Copyright 1995-2000
by Infinite Technologies
</CENTER>


=============================================================================================

-----Original Message-----
From: Marc Concannon [mailto:marcconcannon@eircom.net]
Sent: Friday, February 06, 2004 20:09
To: commons-httpclient-dev@jakarta.apache.org
Subject: SSLHandshakeException: Remote host closed connection during
handshake ???? 


Hi,

I'm having a few problems connecting to a https server.

I keep getting the following exception being thrown.

the address is:  https://mail.webavinet.net/

It uses its own issued certificate so I'm using the easySSLProtocolSocketFactory to get around
the fact that the cert is not trusted, but the problem is still there.

I'm using the simple sample code for connecting to a socket as supplied by the commons/httpclient
website (with mods for above).

It wouldn't be anything to do with the cert being 1024bit?

Anyone any ideas???

Thanks
Marc Concannon

Failed to download file.
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
 at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
 at org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1368)
 at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
 at java.io.BufferedOutputStream.flush(Unknown Source)
 at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:799)
 at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2277)
 at org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2657)
 at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1093)
 at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:674)
 at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
 at com.universalred.connectix.TcpConnectionManager.getHttpsConnection(TcpConnectionManager.java:184)
 at com.universalred.connectix.NewRequestManagement.newPositiveFileUpdate(NewRequestManagement.java:34)
 at com.universalred.connectix.FileDirectoryMonitor.run(FileDirectoryMonitor.java:76)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
 at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
 ... 16 more


