hc-dev mailing list archives

From "David M. Karr (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1091) Regression: 2 way authentication with SSL doesn't work in versions 4.1.x, used to work with 4.0.x
Date Thu, 22 Sep 2011 15:50:26 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13112666#comment-13112666 ]

David M. Karr commented on HTTPCLIENT-1091:
-------------------------------------------

We have some code that has been using HttpClient 3.0.1 for quite a while now.  Last night
we tried to deploy changes to upgrade this to HttpClient 4.1.2. It was going well until we
deployed it to a server that was using dual ssl auth.  I never had any code that specifically
handled SSL, either in the code using 3.0.1, or the new code using 4.1.2. When we deployed
the new changes to that server, we started getting "javax.net.ssl.SSLPeerUnverifiedException:
peer not authenticated" errors. Just now we finished the process of reverting those changes
back to use HttpClient 3.0.1, and now we're not getting this error anymore.

Could someone explain why this might be?  Do I need to have any specific code for dual ssl
auth with HttpClient 4.1.2?

> Regression: 2 way authentication with SSL doesn't work in versions 4.1.x, used to work with 4.0.x
> -------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1091
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1091
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.1
>            Reporter: Yuri Manusov
>         Attachments: ClientConnectionTest.java, clientKeyStore.p12, clientTrustStore.jks, openSSLCertsCreation.bat, server.xml, serverKeyStore.jks
>
>
> Tried to create an SSL tunnel with two way authentication, was able to do that with versions 4.0.1 and 4.0.3, but in versions 4.1 and 4.1.1 I get the exception:
> Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>         at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
>         at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
>         at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
>         at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
>         at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
>         at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
>         at ClientConnectionTest.main(ClientConnectionTest.java:38)
> the creation of the SSL certificates was done using open ssl and java keytool (script will be attached in openSSLCertsCreation.bat).
> as a client I've used a simple java client (will attach ClientConnectionTest.java)
> as a server Tomcat was used, and configured to allow ssl communication with 2 way authentication (clientAuth="true").

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

