Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 51D93FF1E for ; Mon, 15 Apr 2013 12:40:18 +0000 (UTC) Received: (qmail 55568 invoked by uid 500); 15 Apr 2013 12:40:18 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 55455 invoked by uid 500); 15 Apr 2013 12:40:17 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 55322 invoked by uid 99); 15 Apr 2013 12:40:16 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Apr 2013 12:40:16 +0000 Date: Mon, 15 Apr 2013 12:40:16 +0000 (UTC) From: "Juraj Martinka (JIRA)" To: dev@hc.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HTTPCLIENT-1339) SSLPeerUnverifiedException occurs randomly when calling resource via HTTPS MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HTTPCLIENT-1339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13631685#comment-13631685 ] Juraj Martinka commented on HTTPCLIENT-1339: -------------------------------------------- Hi, Oleg, thank you very much for the investigation. However, I'm still not able to find the root cause of aforementioned error. I tried to enable ssl debug via "-Djavax.net.debug=all" but didn't find anything useful in output, nor the "Remote host closed connection during handshake " you have mentioned. In my case there is another error: --- 0040: 00 2F C0 04 C0 0E 00 33 00A0 0 ......0 09 C0 13 10 00 11 00 02 00 12 00 04 00 05 00 14 00 0pool-1-thread-262, handling exception: java.net.SocketException: Connection reset 7 pool-1-thread-262, SEND TLSv1 ALERT: fatal, description = unexpected_message : pool-1-thread-262, WRITE: TLSv1 Alert, length = 2 00 0060pool-1-thread-262, Exception sending alert: java.net.SocketException: Broken pipe 00 0pool-1-thread-262, called closeSocket() pool-1-thread-142, WRITE: TLSv1 Handshake, length = 163 0C: Cpool-1-thread-262, IOException in getSession(): java.net.SocketException: Connection reset 00 16 8: pool-1-thread-262, called close() 00pool-1-thread-262, called closeInternal(true) 0D32. EF 7B 47 .pool-1-thread-262, called close() ---- I'm still wondering why there is no such issue with older HttpClient 3.x. Do you have any further suggestions? > SSLPeerUnverifiedException occurs randomly when calling resource via HTTPS > -------------------------------------------------------------------------- > > Key: HTTPCLIENT-1339 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1339 > Project: HttpComponents HttpClient > Issue Type: Bug > Affects Versions: 4.2.3 > Reporter: Juraj Martinka > Priority: Critical > > HttpClient (tested against 4.1 version and 4.2.3) suffers from SSLPeerUnverifiedException. > It can occur randomly, mainly when calling some secured resource in a concurrent fashion. > However, each time there is a new HttpClient instance some this might not be related to the threads issues. > I've created two unit tests - https://gist.github.com/jumarko/34c20054d3d85eaff5a7 > * HttpClientPeerUnverifiedTest - using HttpClient 4.x errors occures in a random fashion -> sometimes zero failures, but more often than not there is at least one SSLPeerUnverifiedException > * OldHttpClientPeerUnverifiedTest - using HttpClient 3.1 everything is working OK > Stacktrace: > {code} > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated > at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source) > at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) > at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) > at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) > at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151) > at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125) > at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:641) > at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480) > at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) > at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:1066) > at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:1044) > {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org