hc-dev mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSL Problems
Date Tue, 23 Aug 2011 12:30:30 GMT
On Mon, 2011-08-22 at 14:24 -0700, Patrick Lightbody wrote:
> I have the code below, which results in this exception:
> 
> Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> 	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
> 	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
> 	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339)
> 	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123)
> 	at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
> 	at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:101)
> 	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:381)
> 	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
> 	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
> 	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
> 
> What's weird is that this code works for almost all URLs (try https://fidelity.com, for
> example) but a few do not work. We've narrowed it down to this simple change in Apache:
> 
> # Works
> SSLProtocol -ALL +SSLv3 +TLSv1
> 
> # Doesn't work
> SSLProtocol -ALL +SSLv3
> 
> Any idea how I could support these kinds of SSL setups while still supporting all other
> major sites (fidelity.com, twitter.com, etc.)? My goal is pretty much just to accept all SSL
> certs and my TrustingSSLSocketFactory gets me 99% there, but I'd like to be 100% there. Any
> tips?
> 
> Patrick
> 

Hi Patrick

Run your application with the SSL debug mode on and see if there is
anything in the log that may indicate an issue leading Oracle's
implementation of JSSE to consider the peer untrusted.

http://download.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
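
An added example, not part of the original message or of HttpClient: a small Python triage script for the JSSE debug log the reply asks for, pulling out the hello versions, alerts and handshake exceptions that sit behind a later "peer not authenticated". The log excerpt is constructed in the style of `javax.net.debug` output, and the names `triage` and `first_failure` are hypothetical.

```python
import re

# Constructed excerpt in the style of JSSE debug output (javax.net.debug);
# it is not taken from the thread, and thread name and lengths are made up.
SAMPLE_DEBUG = """\
*** ClientHello, TLSv1
main, WRITE: TLSv1 Handshake, length = 75
main, WRITE: SSLv2 client hello message, length = 101
main, READ: SSLv3 Alert, length = 2
main, RECV SSLv3 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
"""

HELLO = re.compile(r"^\*\*\* (ClientHello|ServerHello), (\S+)")
ALERT = re.compile(r"^.+?, (SEND|RECV) (\S+) ALERT:\s+(\w+), (?:description = )?(\w+)")
EXC = re.compile(r"^.+?, handling exception: ([\w.$]+): (.*)$")


def triage(debug_text):
    """Collect the handshake events that precede a 'peer not authenticated' error."""
    report = {"client_hello": None, "server_hello": None, "alerts": [], "exceptions": []}
    for raw in debug_text.splitlines():
        line = raw.strip()
        m = HELLO.match(line)
        if m:
            key = "client_hello" if m.group(1) == "ClientHello" else "server_hello"
            report[key] = m.group(2)  # protocol version named in the hello
        elif (m := ALERT.match(line)):
            report["alerts"].append(m.groups())  # (direction, version, level, description)
        elif (m := EXC.match(line)):
            report["exceptions"].append(m.groups())  # (exception class, message)
    return report


def first_failure(report):
    """Describe the first fatal alert, else the first exception, else return None."""
    for direction, version, level, description in report["alerts"]:
        if level == "fatal":
            return f"{direction} {version} fatal alert: {description}"
    if report["exceptions"]:
        cls, msg = report["exceptions"][0]
        return f"{cls}: {msg}"
    return None


if __name__ == "__main__":
    summary = triage(SAMPLE_DEBUG)
    print(summary["client_hello"], summary["server_hello"], first_failure(summary))
```

A missing `server_hello` together with a received fatal alert means the server rejected the handshake before any certificate was exchanged, so the later certificate lookup has nothing to return.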