hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julius Davies" <juliusdav...@cucbc.com>
Subject Re: How come my http-client is not presenting the certificate?
Date Fri, 06 Oct 2006 03:05:00 GMT
Hi, JT,

#1.  Not possible.  The client cert will be presented for all paths.  This is because the
socket is established before "GET /path" or "POST /path" is sent to the server.  But I'm just
being pedantic here.

[I think #1 can "appear" possible when servers use "sslServer.setWantClientAuth( true )" instead
of "sslServer.setNeedClientAuth( true )."  But the client cert will still be presented for
the very first URL requested.]

#5.  Can you try the "ping" utility with commons-ssl?  After downloading "commons-ssl.jar",
please type:

java -jar commons-ssl.jar

Hopefully the instructions that print out from that will be self-explanatory.  Don't forget
to include the "-t" for "target".  I always forget!  And I wrote it!

If you get any bind exceptions, try specifying a local port (such as 54321).  There's one
RHEL3 machine at my office that always complains about that for some reason, not sure why.

Can you show us the output the "Ping" utility gets back from your server?  I'm especially
interested in the HTTP headers you get back, or the SSL exceptions.




ps.  please CC both httpclient-user and myself in any replies.  I don't seem to get httpclient
emails any more at work.  I think we're having spam filtering issues...  probably going to
start subscribing from my gmail account instead...  but I'm lazy...


1.  The server is authenticating only on a certain
2.  I am using commons-ssl with httpclient
3.  I used the EasySSLProtocolSocketFactory
4.  I have set my KeyMaterial
5.  When I hit the required authenticated
path/location, it seems that the client is not
presenting the cert.
6.  I tested out using openssl and it works.  I do see
the client certificate request from the server and the
client presents the correct cert.

I am confused.

Any help is much appreciated,

To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org

View raw message