hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1091) Regression: 2 way authentication with SSL doesn't work in versions 4.1.x, used to work with 4.0.x
Date Sat, 24 Sep 2011 11:13:26 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13113951#comment-13113951
] 

Oleg Kalnichevski commented on HTTPCLIENT-1091:
-----------------------------------------------

David

Per default HttpClient 4.x does not take system properties into consideration as access to
system properties may be restricted in managed environments. Therefore one is advised to explicitly
set up SSL context using whatever initialization logic deemed appropriate for a particular
application. As of next feature release (4.2) HttpClient will provide a factory method to
create DefaultHttpClient instances pre-configured based on system properties (see HTTPCLIENT-1128).

Oleg

> Regression: 2 way authentication with SSL doesn't work in versions 4.1.x, used to work
with 4.0.x
> -------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1091
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1091
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.1
>            Reporter: Yuri Manusov
>         Attachments: ClientConnectionTest.java, clientKeyStore.p12, clientTrustStore.jks,
openSSLCertsCreation.bat, server.xml, serverKeyStore.jks
>
>
> Tried to create an SSL tunnel with two way authentication, was able to do that with versions
4.0.1 and 4.0.3, but in versions 4.1 and 4.1.1 I get the exception: 
> Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>         at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
>         at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
>         at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
>         at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
>         at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
>         at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
>         at ClientConnectionTest.main(ClientConnectionTest.java:38)
> the creation of the SSL certificates was done using open ssl and java keytool (script
will be attached in openSSLCertsCreation.bat).
> as a client I've used a simple java client (will attach ClientConnectionTest.java)
> as a server Tomcat was used, and configured to allow ssl communication with 2 way authentication
(clientAuth="true").

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message