Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id BBCDB200B6D for ; Tue, 23 Aug 2016 16:45:25 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id BA2D5160B17; Tue, 23 Aug 2016 14:45:25 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 1646A160AD6 for ; Tue, 23 Aug 2016 16:45:24 +0200 (CEST) Received: (qmail 92805 invoked by uid 500); 23 Aug 2016 14:45:24 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 88439 invoked by uid 99); 23 Aug 2016 14:45:21 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Aug 2016 14:45:21 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id AF54C2C0155 for ; Tue, 23 Aug 2016 14:45:20 +0000 (UTC) Date: Tue, 23 Aug 2016 14:45:20 +0000 (UTC) From: "sudhish (JIRA)" To: dev@hc.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HTTPASYNC-111) SSL issue using SSLIOSessionStrategy and PoolingNHttpClientConnectionManager MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Tue, 23 Aug 2016 14:45:25 -0000 [ https://issues.apache.org/jira/browse/HTTPASYNC-111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15432931#comment-15432931 ] sudhish commented on HTTPASYNC-111: ----------------------------------- Thank you! This helps! > SSL issue using SSLIOSessionStrategy and PoolingNHttpClientConnectionManager > ---------------------------------------------------------------------------- > > Key: HTTPASYNC-111 > URL: https://issues.apache.org/jira/browse/HTTPASYNC-111 > Project: HttpComponents HttpAsyncClient > Issue Type: Bug > Affects Versions: 4.1.1 > Reporter: sudhish > > I am new to this so please pardon (and also educate me) if I am doing this wrong on this board. > I am running on WebSphere application server (v 8.5.1) and Java 1.6 > I found an issue using the async client.. My code looks like this. > Registry sessionStrategyRegistry = RegistryBuilder.create() > .register("http", NoopIOSessionStrategy.INSTANCE) > .register("https", SSLIOSessionStrategy.getSystemDefaultStrategy()) > .build(); > IOReactorConfig ioReactorConfig = IOReactorConfig.custom() > .setIoThreadCount(Runtime.getRuntime().availableProcessors()) > .setConnectTimeout(30000) > .setSoTimeout(30000) > .build(); > > ConnectingIOReactor ioReactor = new DefaultConnectingIOReactor(ioReactorConfig); > > PoolingNHttpClientConnectionManager connManager = new PoolingNHttpClientConnectionManager( > ioReactor, sessionStrategyRegistry); > connManager.setDefaultMaxPerRoute(2); > connManager.setMaxTotal(20); > > > > closeableHttpAsyncClient = HttpAsyncClientBuilder.create() > .setDefaultRequestConfig(RequestConfig.custom() > .setConnectionRequestTimeout(30000) > .setConnectTimeout(30000) > .setSocketTimeout(60000) > .setCookieSpec(CookieSpecs.IGNORE_COOKIES) > .build()) > .setConnectionManager(connManager) > > .build(); > When I execute > Future future = closeableHttpAsyncClient.execute(request1, null); > It fails with a > aused by: > java.security.cert.CertPathValidatorException: The certificate issued by CN=Principal Root CA G2 is not trusted; internal cause is: > java.security.cert.CertPathValidatorException: Certificate chaining error > at com.ibm.security.cert.BasicChecker.(BasicChecker.java:111) > at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176) > at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:737) > at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:649) > at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:595) > at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:356) > ... 25 more > Caused by: > java.security.cert.CertPathValidatorException: Certificate chaining error > at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:316) > at com.ibm.security.cert.BasicChecker.(BasicChecker.java:108) > ... 30 more > My certs are ok. > Without using Asycn client. When I run using non-async client. It works (working code below). Since I am in WebSphere and it makes it own configurations for SSL. I was forced to use > SSLConnectionSocketFactory.getSystemSocketFactory() <-- Without this, I get the same error as above. > CloseableHttpClient client = HttpClients.custom() > .setSSLSocketFactory(SSLConnectionSocketFactory.getSystemSocketFactory()) // this line is key! > .build(); > final HttpGet request1 = new HttpGet(Url); > CloseableHttpResponse resp = client.execute(request1); > I went through all your examples and under the assumption that > SSLCOntext.createSystemDefault() should exhibit the same behaviour as > SSLConnectionSocketFactory.getSystemSocketFactory() ?.. > It appears its not? Am I missing something? -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org