hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anton Khitrenovich (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1091) Regression: 2 way authentication with SSL doesn't work in versions 4.1.x, used to work with 4.0.x
Date Tue, 17 May 2011 15:29:47 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13034814#comment-13034814

Anton Khitrenovich commented on HTTPCLIENT-1091:

> I remember having bizarre issues with the behaviour of this method in IBM JREs.
The actual implementation of SSLContext is also vendor-specific, so there is always possibility
to run into vendor-specific bugs with current implementation also.

> > Any chance that the strange behavior is related to the way that HttpClient uses
> I certainly cannot rule that out. Feel free to review the code and let me know if you
find any improper use of JSSE API. 
We do not pretend to be JSSE experts and do not really know the HttpClient internals. 
If you say that you cannot think about improper JSSE use - I'm pretty sure we will not find
one also, but we’ll take a look.

> Regression: 2 way authentication with SSL doesn't work in versions 4.1.x, used to work
with 4.0.x
> -------------------------------------------------------------------------------------------------
>                 Key: HTTPCLIENT-1091
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1091
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.1
>            Reporter: Yuri Manusov
>         Attachments: ClientConnectionTest.java, clientKeyStore.p12, clientTrustStore.jks,
openSSLCertsCreation.bat, server.xml, serverKeyStore.jks
> Tried to create an SSL tunnel with two way authentication, was able to do that with versions
4.0.1 and 4.0.3, but in versions 4.1 and 4.1.1 I get the exception: 
> Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>         at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
>         at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
>         at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
>         at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
>         at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
>         at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
>         at ClientConnectionTest.main(ClientConnectionTest.java:38)
> the creation of the SSL certificates was done using open ssl and java keytool (script
will be attached in openSSLCertsCreation.bat).
> as a client I've used a simple java client (will attach ClientConnectionTest.java)
> as a server Tomcat was used, and configured to allow ssl communication with 2 way authentication

This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message