hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HTTPCLIENT-1091) Regression: 2 way authentication with SSL doesn't work in versions 4.1.x, used to work with 4.0.x
Date Tue, 24 May 2011 19:38:47 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oleg Kalnichevski resolved HTTPCLIENT-1091.
-------------------------------------------

    Resolution: Won't Fix

Closing as WONTFIX. If you disagree with the resolution, I propose that the SSL initialization
logic is moved from SSLSocketFactory to a special factory class that takes into account all
system properties not just SSL related.

Oleg

> Regression: 2 way authentication with SSL doesn't work in versions 4.1.x, used to work
with 4.0.x
> -------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1091
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1091
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.1
>            Reporter: Yuri Manusov
>         Attachments: ClientConnectionTest.java, clientKeyStore.p12, clientTrustStore.jks,
openSSLCertsCreation.bat, server.xml, serverKeyStore.jks
>
>
> Tried to create an SSL tunnel with two way authentication, was able to do that with versions
4.0.1 and 4.0.3, but in versions 4.1 and 4.1.1 I get the exception: 
> Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>         at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
>         at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
>         at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
>         at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
>         at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
>         at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
>         at ClientConnectionTest.main(ClientConnectionTest.java:38)
> the creation of the SSL certificates was done using open ssl and java keytool (script
will be attached in openSSLCertsCreation.bat).
> as a client I've used a simple java client (will attach ClientConnectionTest.java)
> as a server Tomcat was used, and configured to allow ssl communication with 2 way authentication
(clientAuth="true").

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message