hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: client side cert issue, maybe. HTTPClient version 2
Date Wed, 15 Dec 2004 14:03:14 GMT
Hi Steve,

Just a few comments on the problem you have been experiencing

(1) If you ever get a valid HTTP status code it means that the
underlying transport layer is completely OK. Had it been an SSL related
problem you would have gotten an SSLException, not a status code 403

(2) InputStream#available is completely meaningless for the SSLSockets.
I believe Sun does not even guarantee an adequate performance of this
method for plain sockets. The only way to tell if there's data to be
read is actually by performing a socket read operation. 

(3) Most likely your application needs to perform HTTP authentication in
addition to SSL authentication. Apparently there's no such thing as too
much security.

Hope this helps somewhat

Cheers,

Oleg


On Tue, Dec 14, 2004 at 01:46:31PM -0800, Steve Johnson wrote:
> Hi All,
> 
>  
> 
> HTTPClient version 2
> 
>  
> 
> Wondering if anyone has seen something like this. I realize it could have many causes.
> 
> URL is client side cert; we get connected and receive a 302 redirect page from server.
> 
> We send the request for the next page, see Wire debug below.
> 
> I run socket.available(), it returns 0 bytes avaibable.
> 
> Then the socket reestablished the SSL credentials. 
> 
> When the page is read we get a 403 Forbidden from the server.
> 
>  
> 
> WE WRITE REQUEST AND GET 302 WITH NO BREAK ON THE CONNECTION
> 
> --------------------------------------------------------------------------------------------------------------
> ---------
> 
> 2004/12/14 14:15:54:437 GMT-07:00 [TRACE] HttpConnection - -enter HttpConnection.flushRequestOutputStream()
> 
> HTTPRequest /SiteScope/cgi/go.exe/SiteScope, WRITE: SSLv3 Application Data, length =
162
> 
> 2004/12/14 14:15:54:437 GMT-07:00 [DEBUG] wire - ->> "[\r][\n]"
> 
> 2004/12/14 14:15:54:437 GMT-07:00 [TRACE] HttpConnection - -enter HttpConnection.flushRequestOutputStream()
> 
> 2004/12/14 14:15:54:437 GMT-07:00 [TRACE] HttpMethodBase - -enter HttpMethodBase.readResponse(HttpState,
> HttpConnection)
> 
> 2004/12/14 14:15:54:437 GMT-07:00 [TRACE] HttpMethodBase - -enter HttpMethodBase.readStatusLine(HttpState,
> HttpConnection)
> 
> 2004/12/14 14:15:54:437 GMT-07:00 [TRACE] HttpConnection - -enter HttpConnection.readLine()
> 
> 2004/12/14 14:15:54:437 GMT-07:00 [TRACE] HttpParser - -enter HttpParser.readLine()
> 
> 2004/12/14 14:15:54:437 GMT-07:00 [TRACE] HttpParser - -enter HttpParser.readRawLine()
> 
> HTTPRequest /SiteScope/cgi/go.exe/SiteScope, READ: SSLv3 Application Data, length = 368
> 
> 2004/12/14 14:15:54:516 GMT-07:00 [DEBUG] wire - -<< "HTTP/1.1 302 Moved Temporarily[\r][\n]"
> 
> 2004/12/14 14:15:54:516 GMT-07:00 [TRACE] HttpMethodBase - -enter
> HttpMethodBase.readResponseHeaders(HttpState,HttpConnection)
> 
>  
> 
>  
> 
> WE WRITE NEXT REQUEST AND THERE ARE 0 BYTES TO READ, SSL STUFF HAPPENS, THEN A 403 FROM
SERVER.
> 
> 2004/12/14 14:15:58:015 GMT-07:00 [TRACE] HttpConnection - -enter HttpConnection.flushRequestOutputStream()
> 
> HTTPRequest /SiteScope/cgi/go.exe/SiteScope, WRITE: SSLv3 Application Data, length =
319
> 
> 2004/12/14 14:15:58:015 GMT-07:00 [DEBUG] wire - ->> "[\r][\n]"
> 
> 2004/12/14 14:15:58:015 GMT-07:00 [TRACE] HttpConnection - -enter HttpConnection.flushRequestOutputStream()
> 
> 2004/12/14 14:15:58:015 GMT-07:00 [TRACE] HttpMethodBase - -enter HttpMethodBase.readResponse(HttpState,
> HttpConnection)
> 
> 2004/12/14 14:15:58:015 GMT-07:00 [TRACE] HttpMethodBase - -enter HttpMethodBase.readStatusLine(HttpState,
> HttpConnection)
> 
> 2004/12/14 14:15:58:015 GMT-07:00 [TRACE] HttpConnection - -enter HttpConnection.readLine()
> 
> 2004/12/14 14:15:58:015 GMT-07:00 [TRACE] HttpParser - -enter HttpParser.readLine()
> 
> 2004/12/14 14:15:58:015 GMT-07:00 [TRACE] HttpParser - -enter HttpParser.readRawLine()
> 
> HTTPRequest /SiteScope/cgi/go.exe/SiteScope, READ: SSLv3 Handshake, length = 20
> 
> *** HelloRequest (empty)
> 
> %% Client cached [Session-2, SSL_RSA_WITH_RC4_128_MD5]
> 
> %% Try resuming [Session-2, SSL_RSA_WITH_RC4_128_MD5] from port 2006
> 
> *** ClientHello, SSLv3
> 
>  
> 
> 403 PAGE AFTER THIS:
> 
>  
> 
> any ideas? Suggestions?
> 
> Thanks,
> 
>  
> 
> Steve Johnson, Software Engineer, sjohnson@mercury.com
> 
> direct 720.564.6532 
> 
> www.mercury.com <http://www.mercury.com/>  
> 
>  <http://www.mercury.com/> 
> 
>  <http://www.mercury.com/>  
> 
>  
> 
>  
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message