Message-ID: <428F3D4D.2080108@rssowl.org>
Date: Sat, 21 May 2005 14:53:17 +0100
From: Benjamin Pasero
To: HttpClient User Discussion
Subject: Re: Getting no content using Proxy and HTTPS
References: <428BA51B.5090701@rssowl.org> <1116451656.4889.3.camel@localhost.localdomain> <428E214B.2060600@rssowl.org> <1116672863.6732.9.camel@localhost.localdomain>
In-Reply-To: <1116672863.6732.9.camel@localhost.localdomain>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------030405050300050306070408"

--------------030405050300050306070408
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Oleg Kalnichevski wrote:

>Benjamin,
>
>OK. I have spotted the problem:
>
>[DEBUG] header - >> "GET https://sourceforge.net/export/rss2_project.php?group_id=86683 HTTP/1.1[\r][\n]"
>
>This of course is not right. HttpClient is programmed to use so-called
>secure tunneling when executing HTTPS via a proxy.
>
>Does your application register a custom HTTPS Protocol object with a
>custom ProtocolSocketFactory?
>

Ah ok. Well, I am doing as follows:

Protocol easyHttpsProtocol = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
Protocol.registerProtocol("https", easyHttpsProtocol);

I think this was taken directly from the Examples. I am calling that ONCE on
startup of the application.

The EasySSLProtocolSocketFactory implements ProtocolSocketFactory
The EasyX509TrustManager implements X509TrustManager

I am not using the legacy com.sun.* classes for these, but the ones from
javax.net.ssl.*

Do I have to do something special to enable secure Tunneling?

Find the two classes I am using attached.

Thanks for helping,
Ben

>Oleg
>
>
>On Fri, 2005-05-20 at 18:41 +0100, Benjamin Pasero wrote:
>
>>>HttpClient must have thrown an exception but unfortunately it has not
>>>been logged, so I can't really tell what caused it in the first place.
>>>
>>>Have you tried running the same code in Java 1.4.2?
>>>
>>He is not able to switch to an older Java version, since it is a company's
>>PC.
>>
>>I looked at my code and found out that I am calling
>>setAuthenticationPreemptive(true)
>>in any case even if the Proxy does not require Username / Password
>>Authentication.
>>
>>Could this be the source of the problem?
>>
>>I have asked the user, his Proxy does not require Authentication.
>>
>>Ben
>>
>>>Oleg
>>>
>>>
>>>On Wed, 2005-05-18 at 21:27 +0100, Benjamin Pasero wrote:
>>>
>>>>Hi,
>>>>
>>>>a user is having problems accessing a Document via HTTPS using latest
>>>>HttpClient nightly.
>>>>He is using a proxy with Basic authentication. Accessing the same
>>>>Document via HTTP is working.
>>>>
>>>>I am having a Debug+Trace log, but not able to read out what might go
>>>>wrong. If anybody could help me?
>>>>
>>>>Here is the log:
>>>>https://sourceforge.net/tracker/download.php?group_id=86683&atid=580502&file_id=134944&aid=1200447
>>>>
>>>>Thanks,
>>>>Ben
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>>>>For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>>>>

--------------030405050300050306070408
Content-Type: text/plain; name="EasySSLProtocolSocketFactory.java"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="EasySSLProtocolSocketFactory.java"

/*   **********************************************************************    **
 **                                                                            **
 **   Copyright 2002-2005 The Apache Software Foundation                       **
 **                                                                            **
 **   Licensed under the Apache License, Version 2.0 (the "License");          **
 **   you may not use this file except in compliance with the License.         **
 **   You may obtain a copy of the License at                                  **
 **                                                                            **
 **   http://www.apache.org/licenses/LICENSE-2.0                               **
 **                                                                            **
 **   Unless required by applicable law or agreed to in writing, software      **
 **   distributed under the License is distributed on an "AS IS" BASIS,        **
 **   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied.  **
 **   See the License for the specific language governing permissions and      **
 **   limitations under the License.                                           **
 **                                                                            **
 **   This software consists of voluntary contributions made by many           **
 **   individuals on behalf of the Apache Software Foundation. For more        **
 **   information on the Apache Software Foundation, please see                **
 **   .                                                                        **
 **                                                                            **
 **   **********************************************************************   */

package net.sourceforge.rssowl.dao.ssl;

import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClientError;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

/**
 * EasySSLProtocolSocketFactory can be used to create SSL {@link Socket}s that
 * accept self-signed certificates.
 *
 * @author Oleg Kalnichevski
 * @version 1.1.2
 */
public class EasySSLProtocolSocketFactory implements ProtocolSocketFactory {
  private SSLContext sslcontext = null;

  /**
   * Constructor for EasySSLProtocolSocketFactory.
   */
  public EasySSLProtocolSocketFactory() {
    super();
  }

  /**
   * Create the SSL Context.
   *
   * @return The SSLContext
   */
  private static SSLContext createEasySSLContext() {
    try {
      SSLContext context = SSLContext.getInstance("SSL");
      context.init(null, new TrustManager[] { new EasyX509TrustManager(null) }, null);
      return context;
    } catch (Exception e) {
      throw new HttpClientError(e.toString());
    }
  }

  /**
   * @see ProtocolSocketFactory#createSocket(java.lang.String,int)
   */
  public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
    return getSSLContext().getSocketFactory().createSocket(host, port);
  }

  /**
   * @see ProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
   */
  public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException {
    return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
  }

  /**
   * Attempts to get a new socket connection to the given host within the given
   * time limit.
   *
   * To circumvent the limitations of older JREs that do not support connect
   * timeout a controller thread is executed. The controller thread attempts to
   * create a new socket within the given limit of time. If socket constructor
   * does not return until the timeout expires, the controller terminates and
   * throws an {@link ConnectTimeoutException}
   *
   * @param host the host name/IP
   * @param port the port on the host
   * @param params {@link HttpConnectionParams Http connection parameters}
   * @return Socket a new socket
   * @throws IOException if an I/O error occurs while creating the socket
   * @throws UnknownHostException if the IP address of the host cannot be
   * determined
   */
  public Socket createSocket(final String host, final int port, final InetAddress localAddress, final int localPort, final HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException {
    if (params == null)
      throw new IllegalArgumentException("Parameters may not be null");

    int timeout = params.getConnectionTimeout();
    if (timeout == 0)
      return createSocket(host, port, localAddress, localPort);

    /** To be eventually deprecated when migrated to Java 1.4 or above */
    return ControllerThreadSocketFactory.createSocket(this, host, port, localAddress, localPort, timeout);
  }

  /**
   * @see java.lang.Object#equals(java.lang.Object)
   */
  public boolean equals(Object obj) {
    return ((obj != null) && obj.getClass().equals(EasySSLProtocolSocketFactory.class));
  }

  /**
   * @see java.lang.Object#hashCode()
   */
  public int hashCode() {
    return EasySSLProtocolSocketFactory.class.hashCode();
  }

  /**
   * @return The SSLContext
   */
  private SSLContext getSSLContext() {
    if (this.sslcontext == null) {
      this.sslcontext = createEasySSLContext();
    }
    return this.sslcontext;
  }
}

--------------030405050300050306070408
Content-Type: text/plain; name="EasyX509TrustManager.java"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="EasyX509TrustManager.java"

/*   **********************************************************************    **
 **                                                                            **
 **   Copyright 2002-2005 The Apache Software Foundation                       **
 **                                                                            **
 **   Licensed under the Apache License, Version 2.0 (the "License");          **
 **   you may not use this file except in compliance with the License.         **
 **   You may obtain a copy of the License at                                  **
 **                                                                            **
 **   http://www.apache.org/licenses/LICENSE-2.0                               **
 **                                                                            **
 **   Unless required by applicable law or agreed to in writing, software      **
 **   distributed under the License is distributed on an "AS IS" BASIS,        **
 **   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied.  **
 **   See the License for the specific language governing permissions and      **
 **   limitations under the License.                                           **
 **                                                                            **
 **   This software consists of voluntary contributions made by many           **
 **   individuals on behalf of the Apache Software Foundation. For more        **
 **   information on the Apache Software Foundation, please see                **
 **   .                                                                        **
 **                                                                            **
 **   **********************************************************************   */

package net.sourceforge.rssowl.dao.ssl;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * EasyX509TrustManager unlike default {@link X509TrustManager} accepts
 * self-signed certificates.
 *
 * @author Adrian Sutton
 * @author Oleg Kalnichevski
 */
public class EasyX509TrustManager implements X509TrustManager {
  private X509TrustManager standardTrustManager = null;

  /**
   * Constructor for EasyX509TrustManager.
   *
   * @param keystore In-memory collection of keys and certificates
   * @throws NoSuchAlgorithmException In case of an error
   * @throws KeyStoreException In case of an error
   */
  public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
    super();
    TrustManagerFactory factory = TrustManagerFactory.getInstance("SunX509");
    factory.init(keystore);
    TrustManager[] trustmanagers = factory.getTrustManagers();
    if (trustmanagers.length == 0)
      throw new NoSuchAlgorithmException("SunX509 trust manager not supported");

    this.standardTrustManager = (X509TrustManager) trustmanagers[0];
  }

  /**
   * @see javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.X509Certificate[],
   * java.lang.String)
   */
  public void checkClientTrusted(X509Certificate[] chain, String authType) {
    return;
  }

  /**
   * @see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[],
   * java.lang.String)
   */
  public void checkServerTrusted(X509Certificate[] chain, String authType) {
    return;
  }

  /**
   * @see X509TrustManager#getAcceptedIssuers()
   */
  public X509Certificate[] getAcceptedIssuers() {
    if (standardTrustManager != null)
      return standardTrustManager.getAcceptedIssuers();
    return new X509Certificate[] { };
  }
}

--------------030405050300050306070408
Content-Type: text/plain; charset=us-ascii

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

--------------030405050300050306070408--
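
Added example (not part of the thread and not HttpClient code): a check over HttpClient header-log lines for the symptom Oleg points out, an https:// URL sent to the proxy on an ordinary request line instead of through a CONNECT tunnel. With tunnelling the log shows a CONNECT host:port request followed by a request for a relative path. The class name is hypothetical and the sample lines are constructed around the one request line quoted in the thread.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example, hypothetical class: finds HTTPS requests that bypassed the CONNECT tunnel. */
public class UntunnelledHttpsCheck {
    // Outgoing request line as the header log prints it: >> "METHOD target HTTP/x.y[\r][\n]"
    private static final Pattern REQUEST_LINE =
        Pattern.compile(">> \"([A-Z]+) (\\S+) HTTP/\\d\\.\\d");

    /** Returns "METHOD target" for every non-CONNECT request whose target is an absolute https:// URI. */
    static List<String> untunnelled(List<String> logLines) {
        List<String> hits = new ArrayList<>();
        for (String line : logLines) {
            Matcher m = REQUEST_LINE.matcher(line);
            if (m.find() && !m.group(1).equals("CONNECT")
                    && m.group(2).regionMatches(true, 0, "https://", 0, 8)) {
                hits.add(m.group(1) + " " + m.group(2));
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample: the first line is the one from the thread, the next two show
        // a tunnelled exchange, the last is a plain-HTTP proxy request (legitimately absolute).
        List<String> log = Arrays.asList(
            "[DEBUG] header - >> \"GET https://sourceforge.net/export/rss2_project.php?group_id=86683 HTTP/1.1[\\r][\\n]\"",
            "[DEBUG] header - >> \"CONNECT sourceforge.net:443 HTTP/1.1[\\r][\\n]\"",
            "[DEBUG] header - >> \"GET /export/rss2_project.php?group_id=86683 HTTP/1.1[\\r][\\n]\"",
            "[DEBUG] header - >> \"GET http://example.org/feed.xml HTTP/1.1[\\r][\\n]\"");
        for (String hit : untunnelled(log)) {
            System.out.println("not tunnelled: " + hit);
        }
    }
}
```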
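
Both check methods of the attached EasyX509TrustManager return without looking at the chain, so the factory accepts any certificate from any peer, not only self-signed ones. Added example (not RSSOwl or HttpClient code; the class name PinnedX509TrustManager is hypothetical): a trust manager that keeps the JRE's normal validation and accepts a self-signed certificate only when its SHA-256 fingerprint was approved beforehand.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added example, hypothetical class: JRE validation first, then an explicit allow-list. */
public class PinnedX509TrustManager implements X509TrustManager {
    private final X509TrustManager standard;           // validates against the JRE's CA store
    private final Set<String> pins = new HashSet<>();  // SHA-256 of approved self-signed certs

    public PinnedX509TrustManager(X509Certificate... approved) throws Exception {
        TrustManagerFactory f = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        f.init((KeyStore) null);                       // null selects the default trust store
        standard = (X509TrustManager) f.getTrustManagers()[0];
        for (X509Certificate c : approved) pins.add(fingerprint(c));
    }

    static String fingerprint(X509Certificate c) throws CertificateException {
        try {
            StringBuilder hex = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded()))
                hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (NoSuchAlgorithmException e) { throw new CertificateException(e); }
    }

    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        standard.checkClientTrusted(chain, authType);
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("empty certificate chain");
        try {
            standard.checkServerTrusted(chain, authType);  // CA-issued chains pass here
        } catch (CertificateException notCaTrusted) {
            chain[0].checkValidity();                      // still refuse expired certificates
            if (!pins.contains(fingerprint(chain[0]))) throw notCaTrusted;
        }
    }

    public X509Certificate[] getAcceptedIssuers() { return standard.getAcceptedIssuers(); }

    public static void main(String[] args) throws Exception {
        X509TrustManager tm = new PinnedX509TrustManager();   // no pins: same decisions as the JRE
        X509Certificate sample = tm.getAcceptedIssuers()[0];  // sample input; assumes a non-empty JRE store
        System.out.println(sample.getSubjectX500Principal().getName() + " sha256=" + fingerprint(sample));
    }
}
```

In the factory above it would be passed to `context.init(...)` in `createEasySSLContext()` in place of `new EasyX509TrustManager(null)`, constructed with the certificate the user chose to accept.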