From: "sudhish (JIRA)"
To: dev@hc.apache.org
Date: Fri, 19 Aug 2016 22:20:20 +0000 (UTC)
Subject: [jira] [Created] (HTTPASYNC-111) SSL issue using SSLIOSessionStrategy and PoolingNHttpClientConnectionManager

sudhish created HTTPASYNC-111:
---------------------------------

             Summary: SSL issue using SSLIOSessionStrategy and PoolingNHttpClientConnectionManager
                 Key: HTTPASYNC-111
                 URL: https://issues.apache.org/jira/browse/HTTPASYNC-111
             Project: HttpComponents HttpAsyncClient
          Issue Type: Bug
    Affects Versions: 4.1.1
            Reporter: sudhish

I am new to this, so please pardon (and also educate me) if I am doing this wrong on this board.

I am running on WebSphere application server (v 8.5.1) and Java 1.6.

I found an issue using the async client. My code looks like this:

    import java.util.concurrent.Future;
    import org.apache.http.HttpResponse;
    import org.apache.http.client.config.CookieSpecs;
    import org.apache.http.client.config.RequestConfig;
    import org.apache.http.config.Registry;
    import org.apache.http.config.RegistryBuilder;
    import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
    import org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager;
    import org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor;
    import org.apache.http.impl.nio.reactor.IOReactorConfig;
    import org.apache.http.nio.conn.NoopIOSessionStrategy;
    import org.apache.http.nio.conn.SchemeIOSessionStrategy;
    import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
    import org.apache.http.nio.reactor.ConnectingIOReactor;

    // Plain sessions for http, system-default TLS strategy for https
    Registry<SchemeIOSessionStrategy> sessionStrategyRegistry =
            RegistryBuilder.<SchemeIOSessionStrategy>create()
                    .register("http", NoopIOSessionStrategy.INSTANCE)
                    .register("https", SSLIOSessionStrategy.getSystemDefaultStrategy())
                    .build();

    IOReactorConfig ioReactorConfig = IOReactorConfig.custom()
            .setIoThreadCount(Runtime.getRuntime().availableProcessors())
            .setConnectTimeout(30000)
            .setSoTimeout(30000)
            .build();

    ConnectingIOReactor ioReactor = new DefaultConnectingIOReactor(ioReactorConfig);

    // Connection pool that uses the registry above to pick the session strategy
    PoolingNHttpClientConnectionManager connManager =
            new PoolingNHttpClientConnectionManager(ioReactor, sessionStrategyRegistry);
    connManager.setDefaultMaxPerRoute(2);
    connManager.setMaxTotal(20);

    closeableHttpAsyncClient = HttpAsyncClientBuilder.create()
            .setDefaultRequestConfig(RequestConfig.custom()
                    .setConnectionRequestTimeout(30000)
                    .setConnectTimeout(30000)
                    .setSocketTimeout(60000)
                    .setCookieSpec(CookieSpecs.IGNORE_COOKIES)
                    .build())
            .setConnectionManager(connManager)
            .build();

When I execute

    Future<HttpResponse> future = closeableHttpAsyncClient.execute(request1, null);

it fails with:

    Caused by: java.security.cert.CertPathValidatorException: The certificate issued by CN=Principal Root CA G2 is not trusted; internal cause is:
            java.security.cert.CertPathValidatorException: Certificate chaining error
        at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
        at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176)
        at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:737)
        at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:649)
        at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:595)
        at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:356)
        ... 25 more
    Caused by: java.security.cert.CertPathValidatorException: Certificate chaining error
        at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:316)
        at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
        ... 30 more

My certs are OK. Without using the async client, when I run using the non-async client, it works (working code below). Since I am in WebSphere and it makes its own configurations for SSL, I was forced to use SSLConnectionSocketFactory.getSystemSocketFactory() <-- without this, I get the same error as above.

    import org.apache.http.client.methods.CloseableHttpResponse;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;

    CloseableHttpClient client = HttpClients.custom()
            .setSSLSocketFactory(SSLConnectionSocketFactory.getSystemSocketFactory()) // this line is key!
            .build();
    final HttpGet request1 = new HttpGet(Url);
    CloseableHttpResponse resp = client.execute(request1);

I went through all your examples and am under the assumption that SSLContext.createSystemDefault() should exhibit the same behaviour as SSLConnectionSocketFactory.getSystemSocketFactory(). It appears it's not? Am I missing something?

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
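
The diagnostic below is an added example, not part of the original report or of HttpComponents. It shows one way to check, inside the same JVM, whether the default socket factory and the default SSLContext come from the same provider and whether the JVM-default trust material contains the issuer named in the exception. It assumes the blocking client's system factory is built from `SSLSocketFactory.getDefault()` and the async strategy from `SSLContext.getDefault()`; the class name `DefaultTrustCheck` is hypothetical.

```java
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic (hypothetical class name); written to compile on Java 6.
public class DefaultTrustCheck {

    // Issuer named in the CertPathValidatorException in the report.
    static final String ISSUER_CN = "CN=Principal Root CA G2";

    /** True if the JVM-default trust managers accept a CA whose subject DN contains cn. */
    static boolean defaultTrustContains(String cn) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) {
                continue;
            }
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                if (ca.getSubjectX500Principal().getName().contains(cn)) {
                    return true;
                }
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // A container can redirect SSLSocketFactory.getDefault() through this security property.
        System.out.println("ssl.SocketFactory.provider = "
                + Security.getProperty("ssl.SocketFactory.provider"));
        System.out.println("javax.net.ssl.trustStore   = "
                + System.getProperty("javax.net.ssl.trustStore"));
        // If these two class names come from different providers, the two
        // "system default" paths are not backed by the same SSL configuration.
        System.out.println("SSLSocketFactory.getDefault()             : "
                + SSLSocketFactory.getDefault().getClass().getName());
        System.out.println("SSLContext.getDefault().getSocketFactory(): "
                + SSLContext.getDefault().getSocketFactory().getClass().getName());
        System.out.println("default trust contains " + ISSUER_CN + ": "
                + defaultTrustContains(ISSUER_CN));
    }
}
```

Run it inside the application server process (for example from a test servlet), since a standalone JVM will not carry the container's security properties.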