hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "sudhish (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPASYNC-111) SSL issue using SSLIOSessionStrategy and PoolingNHttpClientConnectionManager
Date Fri, 19 Aug 2016 22:20:20 GMT
sudhish created HTTPASYNC-111:
---------------------------------

             Summary: SSL issue using SSLIOSessionStrategy and PoolingNHttpClientConnectionManager
                 Key: HTTPASYNC-111
                 URL: https://issues.apache.org/jira/browse/HTTPASYNC-111
             Project: HttpComponents HttpAsyncClient
          Issue Type: Bug
    Affects Versions: 4.1.1
            Reporter: sudhish


I am new to this so please pardon (and also educate me) if I am doing this wrong on this board.

I am running on WebSphere application server (v 8.5.1) and Java 1.6 

I found an issue using the async client.. My code looks like this.

Registry<SchemeIOSessionStrategy> sessionStrategyRegistry = RegistryBuilder.<SchemeIOSessionStrategy>create()
		            .register("http", NoopIOSessionStrategy.INSTANCE)
		            .register("https", SSLIOSessionStrategy.getSystemDefaultStrategy())
		            .build();
			 IOReactorConfig ioReactorConfig = IOReactorConfig.custom()
		                .setIoThreadCount(Runtime.getRuntime().availableProcessors())
		                .setConnectTimeout(30000)
		                .setSoTimeout(30000)
		                .build();
			 
			 ConnectingIOReactor ioReactor = new DefaultConnectingIOReactor(ioReactorConfig);
			
			 PoolingNHttpClientConnectionManager connManager = new PoolingNHttpClientConnectionManager(
		                ioReactor, sessionStrategyRegistry);

			 connManager.setDefaultMaxPerRoute(2);
			 connManager.setMaxTotal(20);
          
			  
		 
	        closeableHttpAsyncClient = HttpAsyncClientBuilder.create()

	                		.setDefaultRequestConfig(RequestConfig.custom()
	                        				.setConnectionRequestTimeout(30000)
	                        				.setConnectTimeout(30000)
	                        			.setSocketTimeout(60000)
	                        			.setCookieSpec(CookieSpecs.IGNORE_COOKIES)
	                        			.build())
	                          .setConnectionManager(connManager)
	                          
	                .build();

When I execute 
Future<HttpResponse> future = closeableHttpAsyncClient.execute(request1, null);

It fails with a
aused by: 
java.security.cert.CertPathValidatorException: The certificate issued by CN=Principal Root
CA G2 is not trusted; internal cause is: 
	java.security.cert.CertPathValidatorException: Certificate chaining error
	at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
	at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176)
	at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:737)
	at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:649)
	at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:595)
	at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:356)
	... 25 more
Caused by: 
java.security.cert.CertPathValidatorException: Certificate chaining error
	at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:316)
	at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
	... 30 more


My certs are ok. 

Without using Asycn client. When I run using non-async client. It works (working code below).
Since I am in WebSphere and it makes it own configurations for SSL. I was forced to use 

SSLConnectionSocketFactory.getSystemSocketFactory() <-- Without this, I get the same error
as above. 

CloseableHttpClient client = HttpClients.custom()
		.setSSLSocketFactory(SSLConnectionSocketFactory.getSystemSocketFactory()) // this line is
key!
				.build();
		final HttpGet request1 = new HttpGet(Url);

		CloseableHttpResponse resp = client.execute(request1);


I went through all your examples and under the assumption that
SSLCOntext.createSystemDefault() should exhibit the same behaviour as 

SSLConnectionSocketFactory.getSystemSocketFactory() ?.. 

It appears its not?  Am I missing something?





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message