hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abe Backus (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1320) SSLSocketFactory.createSystemSSLContext causes java.security.UnrecoverableKeyException: Password verification failed
Date Sat, 09 Mar 2013 19:25:12 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13598047#comment-13598047
] 

Abe Backus commented on HTTPCLIENT-1320:
----------------------------------------

Thanks Oleg! I tested with 4.2.x using the test case and the actual client that it will be
integrated with. This looks good.

httpclient-4.2.x$ svn info
Path: .
URL: https://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/4.2.x
Repository Root: https://svn.apache.org/repos/asf
Repository UUID: 13f79535-47bb-0310-9956-ffa450edef68
Revision: 1454757
Node Kind: directory
Schedule: normal
Last Changed Author: olegk
Last Changed Rev: 1454724
Last Changed Date: 2013-03-09 06:41:15 -0800 (Sat, 09 Mar 2013)
                
> SSLSocketFactory.createSystemSSLContext causes java.security.UnrecoverableKeyException:
Password verification failed
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1320
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1320
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.2, 4.2.3, 4.2.4, 4.3 Alpha1, 4.3 Alpha2, 4.3 Final
>         Environment: Java System Property javax.net.ssl.trustStore is set, but javax.net.ssl.trustStorePassword
is not.
>            Reporter: Abe Backus
>             Fix For: 4.2.4, 4.3 Alpha2
>
>         Attachments: HTTPCLIENT_1320.java, HTTPCLIENT-1320.patch
>
>
> When the Java System property "javax.net.ssl.trustStore" is specified, but "javax.net.ssl.trustStorePassword"
is not, requests are encountering the exception listed below. This is reproducible in version
4.2.1 and looking at the relevant code, it should also be reproducible in all other versions
as well.
> This appears to be fixed if the password value for loading the keystore falls back to
*null* instead of the empty string. I'm not sure if this problem also exists with the "javax.net.ssl.keyStore"
logic as well, but I suspect it does.
> The workaround is to set the "javax.net.ssl.trustStorePassword" appropriately, assuming
that you know the correct value.
> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
> 	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
> 	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
> 	at java.security.KeyStore.load(KeyStore.java:1185)
> 	at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
> 	at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
> 	... 37 more
> Caused by: java.security.UnrecoverableKeyException: Password verification failed
> 	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
> 	... 41 more

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message