hc-dev mailing list archives

From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1798) SSL Problem
Date Sat, 31 Dec 2016 15:59:58 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15789685#comment-15789685 ]

Oleg Kalnichevski commented on HTTPCLIENT-1798:
-----------------------------------------------

What is _exactly_ the blocker bug that you want to report?

Oleg

> SSL Problem
> -----------
>
>                 Key: HTTPCLIENT-1798
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1798
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (async)
>    Affects Versions: 4.5.2
>         Environment: JDK 1.7 @ Windows 10 x64
>            Reporter: SuNova
>            Priority: Blocker
>
> I have an app which generates certificates dynamically and uses them in a hand made server. This server has two audiences, Telegram Bot API and my own system (periodic checks to see if server is still working as expected).
> I do everything fine and Telegram Bot API can connect to my server normally, and no exceptions are thrown. Here is the way I configure my server:
> {code:title=WebHook.java|borderStyle=solid}
> SSLContext context = SSLContext.getInstance("TLSv1.2");
> X509Certificate cert = launcher.cert;
> PrivateKey privateKey = launcher.privateKey;
> KeyStore ks = KeyStore.getInstance("JKS");
> ks.load(null);
> ks.setCertificateEntry("cert-alias", cert);
> ks.setKeyEntry("key-alias", privateKey, "missile@supervisor".toCharArray(), new Certificate[]{cert});
> KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, "missile@supervisor".toCharArray());
> KeyManager[] km = kmf.getKeyManagers();
> context.init(km, null, null);
> serverSocket = context.getServerSocketFactory().createServerSocket(serverPort);
> {code}
> and so on.
> Telegram Bot API can connect to my server normally, but when I try to connect via my own Apache Http Client, I see some "Server Side" errors:
> {code:title=Exception|borderStyle=solid}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>     at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)
>     at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
>     at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)
>     at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)
>     at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
>     at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:263)
>     at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:303)
>     at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:507)
>     at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:122)
>     at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:164)
>     at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:339)
>     at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:317)
>     at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:278)
>     at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106)
>     at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:590)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>     at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)
>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304)
>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
>     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
>     at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
>     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
>     at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
>     at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
>     at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:281)
>     at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:351)
>     ... 9 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
>     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
>     at sun.security.validator.Validator.validate(Validator.java:260)
>     at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
>     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
>     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
>     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
>     ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
>     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
>     ... 23 more
> {code}
> I don't know why I receive this error because it works normally when Telegram Bot API connects to it, also using PostMan and even browser, I can normally connect, but when trying to connect via Apache Http Client this error comes up. Can you guide me please?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
