hc-dev mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSLHandshakeException
Date Sat, 11 Dec 2004 12:59:17 GMT
Kumar,

This problem has nothing to do with either HttpClient or IBM JSSE.
Basically the certificate sent by the server is not trusted by the
client. There are two ways of solving the problem:

(1) Easy one: trust any certificate

http://cvs.apache.org/viewcvs.cgi/jakarta-commons/httpclient/src/contrib/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java?rev=1.2.2.2&only_with_tag=HTTPCLIENT_2_0_BRANCH&view=markup

(2) Right one: trust only specific server certificates

http://cvs.apache.org/viewcvs.cgi/jakarta-commons/httpclient/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?rev=1.1.2.1&only_with_tag=HTTPCLIENT_2_0_BRANCH&view=markup

For detailed info on the problem please refer to the HttpClient SSL
guide and the JSSE documentation.

Hope this helps

Oleg


On Thu, 2004-12-09 at 19:47 -0800, KOTA, KUMAR (SBCSI) wrote:
> Hi,
> 
>     I am having a problem connecting through httpclient using https.
> Basically, I am getting a SSLHandshakeException: unknown certificate
> error.  I tried making my own SSLProtocolFactory and registering it
> (using Protocol.register) and in this new factory I tried to use the
> ibmjsse.jar methods to help create the socket that HttpClient will
> eventually take and use for communication, but that still gives me a
> SSLHandshakeException (even though using the ibmjsse methods to
> establish a connection, without using httpclient, works).  Here is the
> exception and bits of my code below and I was wondering if anyone had
> any ideas regarding this issue?
> 
> =========Exception====================================================
> 
> Exception blockjavax.net.ssl.SSLHandshakeException: unknown certificate
>         at com.ibm.jsse.be.a(Unknown Source)
>         at com.ibm.jsse.b.a(Unknown Source)
>         at com.ibm.jsse.b.write(Unknown Source)
>         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java(Inlined Compiled Code))
>         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java(Compiled Code))
>         at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:785)
>         at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1926)
>         at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1008)
>         at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:392)
>         at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:178)
>         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:437)
>         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
> 
> ==========Main Code=========================================================
> 
> Protocol authhttps = new Protocol("https",  
>            			new SSLProtocolSocketUtil(), 445); 
>       		Protocol.registerProtocol("https", authhttps);
> 			
> // Create an instance of HttpClient.
> HttpClient client = new HttpClient();
> 		
> //Setting timeout
> client.setTimeout(timeoutVal);
> 
> // Create a method instance.
> GetMethod method = new GetMethod(sURLString);    		
> 
> // Execute the method.
> int statusCode = client.executeMethod(method);
> 
> 
> ========SSLProtocolSocketUtil()=====================================
> import java.io.IOException;
> import java.net.InetAddress;
> import java.net.Socket;
> import java.net.URL;
> import java.net.UnknownHostException;
> import java.security.NoSuchAlgorithmException;
> import java.security.SecureRandom;
> import java.security.Security;
> 
> import org.apache.commons.httpclient.params.HttpConnectionParams;
> import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
> import org.apache.commons.logging.Log;
> import org.apache.commons.logging.LogFactory;
> 
> import com.ibm.jsse.JSSESocketFactory;
> import com.ibm.jsse.SSLContext;
> import com.ibm.net.ssl.internal.www.protocol.https.HttpsURLConnection;
> 
> 
> public class SSLProtocolSocketUtil implements
> SecureProtocolSocketFactory {
> 
>     /** Log object for this class. */
>     private static final Log LOG =
> LogFactory.getLog(AuthSSLProtocolSocketFactory.class);
> 
>     private static final String sClassName = "IBMConnectionUtil";
> 
> 	private static SSLContext context = null;
> 	//private static SSLSocketFactory sslSocketFactory = null;
> 	private static JSSESocketFactory sslSocketFactory = null;
> 	private static SecureRandom secureRandom = null;
>    
>     public SSLProtocolSocketUtil()
>     {
>         super();
>     }
> 
>     //public static SSLSocketFactory getConnection(String url, TAPInfo oTAPInfo) throws IOException{
> 	public static JSSESocketFactory getConnection() throws
> IOException{	
> 		
> 		URL secureURL = null;
> 		HttpsURLConnection secureConn = null;
> 
> 		if (!initialized()) {
> 			initialize();
> 		}
> 
> 		return getSocketFactory();
> 	}
> 
> 	private static boolean initialized() {
> 		// Synchronized with the initialize() function.
> 		synchronized (sClassName + ".initialize") {
> 			return secureRandom != null;
> 		}
> 	}
> 
> 	private static void initialize() {
> 		synchronized (sClassName + ".initialize") {
> 			Security.addProvider(new
> com.ibm.jsse.IBMJSSEProvider());
> 			System.setProperty("java.protocol.handler.pkgs",
> "com.ibm.net.ssl.internal.www.protocol");
> 			
> 			if (secureRandom == null) {
> 				secureRandom = new SecureRandom();
> 			}
> 		}
> 	}
> 
> 	private static JSSESocketFactory getSocketFactory(){
> 		try{
> 			if (sslSocketFactory == null) {
> 	
> 				secureRandom.nextInt();
> 				context = (SSLContext)
> SSLContext.getInstance("SSL");
> 	
> 				// Initialize the SSL Context
> 	
> 				//context.init(keyManFactory.getKeyManagers(), trustManFactory.getTrustManagers(), secureRandom);
> 	
> 				// Retrieve the socket factory
> 				sslSocketFactory = (JSSESocketFactory)
> context.getSocketFactory();
> 			}
> 		} catch (NoSuchAlgorithmException nsae) {
> 			nsae.printStackTrace();
> 		}
> 		
> 		return sslSocketFactory;
> 	}
> 
>     public Socket createSocket(String host, int port)
>         throws IOException, UnknownHostException
>     {
>         /*return getSSLContext().getSocketFactory().createSocket(
>             host,
>             port
>         );*/
>         
>         return getConnection().createSocket(host,port);
>     }
> 
> Any help on this would be great.
> 
> Thank you,
> Kumar Kota 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> 
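
Option (2) from the reply above, sketched with the standard JSSE API as an added example; it is not part of the original message and is not the contrib AuthSSLProtocolSocketFactory code. The class and method names are hypothetical, and two certificates taken from the JRE's bundled trust store are used as constructed sample input so the check runs offline.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PinnedTrustExample {

    /** Trust manager that accepts only the given certificates (null = JRE default trust store). */
    static X509TrustManager trustManagerFor(X509Certificate[] trusted) throws Exception {
        KeyStore store = null;
        if (trusted != null) {
            store = KeyStore.getInstance(KeyStore.getDefaultType());
            store.load(null, null); // start from an empty in-memory store
            for (int i = 0; i < trusted.length; i++) {
                store.setCertificateEntry("server-" + i, trusted[i]);
            }
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        return (X509TrustManager) tmf.getTrustManagers()[0];
    }

    /** The same check the handshake performs on the certificate the server presents. */
    static boolean accepts(X509TrustManager tm, X509Certificate cert) {
        try {
            tm.checkServerTrusted(new X509Certificate[] {cert}, "RSA");
            return true;
        } catch (CertificateException e) {
            return false; // during a real handshake this becomes an SSLHandshakeException
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: two certificates from the JRE's bundled trust store
        // stand in for "our server's certificate" and "any other certificate".
        X509Certificate[] bundled = trustManagerFor(null).getAcceptedIssuers();
        if (bundled.length < 2) throw new IllegalStateException("need two sample certificates");
        X509Certificate ours = bundled[0], other = bundled[1];

        X509TrustManager pinned = trustManagerFor(new X509Certificate[] {ours});
        System.out.println("accepts pinned certificate: " + accepts(pinned, ours));
        System.out.println("accepts other certificate:  " + accepts(pinned, other));

        // The socket factory a custom HTTPS protocol socket factory would delegate to.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new X509TrustManager[] {pinned}, null);
        System.out.println("socket factory: " + ctx.getSocketFactory().getClass().getName());
    }
}
```

In a real deployment the trusted array would hold the server's own certificate (or its issuing CA), loaded from a file the operator controls rather than from the bundled store.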

