hc-httpclient-users mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: javax.net.ssl.SSLException: Unrecognized SSL handshake.
Date Mon, 20 Jun 2005 14:44:00 GMT
Dennis,

Change the EasyTrustManager to trust any certificate:

public boolean isServerTrusted(X509Certificate[] certificates) {
  // like I care
  return true;
}

If you can establish a connection to the server using this hack, then
something must be wrong with your SSL context. Try following the
recommendations given in the javadocs of this class (below) to set it up
right:

http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup

Oleg

On Mon, Jun 20, 2005 at 10:35:03AM -0400, Dennis.Sharpe@rich.frb.org wrote:
> Oleg,
> 
> Thanks for responding. 
> 
> (1) I had already tried using a custom protocol (I copied 
> EasySSLProtocolSocketFactory) and that did not help me with my problem.  I 
> have downloaded the certificate from etrade and included it in my local 
> keystore.  I get a different error (untrusted cert chain) if I do not have 
> the certificate loaded locally.
> 
> (2) I only tried using HttpConnection directly because I could not get the 
> code to work using HttpClient as recommended.  I changed the code back to 
> using HttpClient and I still get the same error.
> 
> Do you have any other ideas I can try?
> 
> Thanks,
> Dennis
> 
> Oleg Kalnichevski <olegk@apache.org>
> 06/17/2005 06:35 AM
> Please respond to "HttpClient User Discussion" <httpclient-user@jakarta.apache.org>
> To: HttpClient User Discussion <httpclient-user@jakarta.apache.org>
> Subject: Re: javax.net.ssl.SSLException: Unrecognized SSL handshake.
> 
> Dennis,
> 
> I see several problems with your code.
> 
> (1) Nowhere in your code do I see your custom protocol being registered.
> Most likely Protocol protocol = Protocol.getProtocol(schema) still
> returns the default HTTPS protocol handler, which does not trust your
> target server
> 
> (2) Generally we strongly discourage the direct use of HttpConnection
> objects. The recommended pattern is to use HttpClient and, if needed, a
> custom connection manager if you absolutely have to do something unusual
> with the HTTP connections. This is how your code may look:
> 
> Protocol myhttps = new Protocol(
>         "https",
>         new EasySSLProtocolSocketFactory(), // can be any custom socket factory
>         443);
> Protocol.registerProtocol("https", myhttps);
> 
> URI uri = new URI("https://us.etrade.com/e/t/home".toCharArray());
> 
> HttpClient httpagent = new HttpClient();
> httpagent.getHostConfiguration().setProxy("myproxy", 8080);
> 
> HttpMethod method = new GetMethod(uri.toString());
> try {
>     httpagent.executeMethod(method);
>     if (method.getStatusCode() == HttpStatus.SC_OK) {
>        System.out.println(method.getResponseBodyAsString());
>     } else {
>        System.out.println("Unexpected failure: " + 
>        method.getStatusLine().toString());
>     }
> } finally {
>     method.releaseConnection();
> }
> 
> Oleg
> 
> On Thu, Jun 16, 2005 at 01:20:12PM -0400, Dennis.Sharpe@rich.frb.org wrote:
> > I am having trouble connecting to a secure website through a proxy server
> > using httpclient.  I have some manual code that works using
> > SSLTunnelSocketFactory and I'm wondering if maybe I am missing an API call
> > or something like that.  For testing, I am just using the etrade website.
> > I changed the name of the proxy server in my code snippet for security
> > reasons.  Any ideas would be greatly appreciated.
> > 
> > Thanks,
> > Dennis
> > 
> > Here is the trace output:
> > 
> > 2005/06/16 13:11:16:730 EDT [TRACE] GetMethod - -enter GetMethod(String)
> > 2005/06/16 13:11:16:824 EDT [TRACE] ConnectMethod - -enter 
> > ConnectMethod(HttpMethod)
> > 2005/06/16 13:11:16:824 EDT [TRACE] ConnectMethod - -enter 
> > ConnectMethod.execute(HttpState, HttpConnection)
> > 2005/06/16 13:11:16:824 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.execute(HttpState, HttpConnection)
> > 2005/06/16 13:11:16:824 EDT [DEBUG] HttpMethodBase - -Execute loop try 1
> > 2005/06/16 13:11:16:824 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.processRequest(HttpState, HttpConnection)
> > 2005/06/16 13:11:16:840 EDT [TRACE] HttpMethodBase - -Attempt number 1 to process request
> > 2005/06/16 13:11:16:840 EDT [DEBUG] HttpMethodBase - -Opening the 
> > connection.
> > 2005/06/16 13:11:16:840 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.open()
> > 2005/06/16 13:11:16:918 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.writeRequest(HttpState, HttpConnection)
> > 2005/06/16 13:11:16:918 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.printLine(String)
> > 2005/06/16 13:11:16:949 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.writeLine(byte[])
> > 2005/06/16 13:11:16:949 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[])
> > 2005/06/16 13:11:16:949 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[], int, int)
> > 2005/06/16 13:11:16:949 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.writeLine()
> > 2005/06/16 13:11:16:949 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[])
> > 2005/06/16 13:11:16:949 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[], int, int)
> > 2005/06/16 13:11:16:949 EDT [DEBUG] header - ->> "CONNECT 
> > us.etrade.com:443 HTTP/1.1"
> > 2005/06/16 13:11:16:949 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.writeRequestHeaders(HttpState,HttpConnection)
> > 2005/06/16 13:11:16:949 EDT [TRACE] ConnectMethod - -enter 
> > ConnectMethod.addRequestHeaders(HttpState, HttpConnection)
> > 2005/06/16 13:11:16:949 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.addUserAgentRequestHeaders(HttpState, HttpConnection)
> > 2005/06/16 13:11:16:949 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.addHostRequestHeader(HttpState, HttpConnection)
> > 2005/06/16 13:11:16:949 EDT [DEBUG] HttpMethodBase - -Adding Host request header
> > 2005/06/16 13:11:16:965 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.addProxyAuthorizationRequestHeader(HttpState, 
> > HttpConnection)
> > 2005/06/16 13:11:16:965 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.addProxyConnectionHeader(HttpState, HttpConnection)
> > 2005/06/16 13:11:16:965 EDT [DEBUG] header - ->> "User-Agent: Jakarta 
> > Commons-HttpClient/2.0.2[\r][\n]"
> > 2005/06/16 13:11:16:965 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.print(String)
> > 2005/06/16 13:11:16:996 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[])
> > 2005/06/16 13:11:16:996 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[], int, int)
> > 2005/06/16 13:11:16:996 EDT [DEBUG] header - ->> "Host: 
> > us.etrade.com[\r][\n]"
> > 2005/06/16 13:11:16:996 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.print(String)
> > 2005/06/16 13:11:16:996 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[])
> > 2005/06/16 13:11:16:996 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[], int, int)
> > 2005/06/16 13:11:16:996 EDT [DEBUG] header - ->> "Proxy-Connection: 
> > Keep-Alive[\r][\n]"
> > 2005/06/16 13:11:16:996 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.print(String)
> > 2005/06/16 13:11:16:996 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[])
> > 2005/06/16 13:11:16:996 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[], int, int)
> > 2005/06/16 13:11:16:996 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.writeLine()
> > 2005/06/16 13:11:16:996 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[])
> > 2005/06/16 13:11:16:996 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[], int, int)
> > 2005/06/16 13:11:17:011 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.flushRequestOutputStream()
> > 2005/06/16 13:11:17:011 EDT [DEBUG] header - ->> "[\r][\n]"
> > 2005/06/16 13:11:17:011 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.flushRequestOutputStream()
> > 2005/06/16 13:11:17:011 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.readResponse(HttpState, HttpConnection)
> > 2005/06/16 13:11:17:011 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.readStatusLine(HttpState, HttpConnection)
> > 2005/06/16 13:11:17:011 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.readLine()
> > 2005/06/16 13:11:17:011 EDT [TRACE] HttpParser - -enter 
> > HttpParser.readLine()
> > 2005/06/16 13:11:17:011 EDT [TRACE] HttpParser - -enter 
> > HttpParser.readRawLine()
> > 2005/06/16 13:11:17:058 EDT [DEBUG] header - -<< "HTTP/1.1 200 Connection established[\r][\n]"
> > 2005/06/16 13:11:17:058 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.readResponseHeaders(HttpState,HttpConnection)
> > 2005/06/16 13:11:17:058 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.getResponseInputStream()
> > 2005/06/16 13:11:17:058 EDT [TRACE] HttpParser - -enter 
> > HeaderParser.parseHeaders(HttpConnection, HeaderGroup)
> > 2005/06/16 13:11:17:058 EDT [TRACE] HttpParser - -enter 
> > HttpParser.readLine()
> > 2005/06/16 13:11:17:058 EDT [TRACE] HttpParser - -enter 
> > HttpParser.readRawLine()
> > 2005/06/16 13:11:17:058 EDT [TRACE] HttpParser - -enter 
> > HttpParser.readLine()
> > 2005/06/16 13:11:17:058 EDT [TRACE] HttpParser - -enter 
> > HttpParser.readRawLine()
> > 2005/06/16 13:11:17:058 EDT [DEBUG] header - -<< "Proxy-agent: 
> > BlueCoat-Security-Appliance[\r][\n]"
> > 2005/06/16 13:11:17:074 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.processResponseHeaders(HttpState, HttpConnection)
> > 2005/06/16 13:11:17:121 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.readResponseBody(HttpState, HttpConnection)
> > 2005/06/16 13:11:17:121 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.readResponseBody(HttpConnection)
> > 2005/06/16 13:11:17:121 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.getResponseInputStream()
> > 2005/06/16 13:11:17:121 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.canResponseHaveBody(int)
> > 2005/06/16 13:11:17:121 EDT [INFO] HttpMethodBase - -Response content 
> > length is not known
> > 2005/06/16 13:11:17:121 EDT [DEBUG] HttpMethodBase - -Force-close 
> > connection: true
> > 2005/06/16 13:11:17:136 EDT [DEBUG] ConnectMethod - -CONNECT status code 200
> > 2005/06/16 13:11:17:136 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.tunnelCreated()
> > 2005/06/16 13:11:22:808 EDT [DEBUG] HttpConnection - -Secure tunnel 
> > created
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.execute(HttpState, HttpConnection)
> > 2005/06/16 13:11:22:808 EDT [DEBUG] HttpMethodBase - -Execute loop try 1
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.processRequest(HttpState, HttpConnection)
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpMethodBase - -Attempt number 1 to process request
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.writeRequest(HttpState, HttpConnection)
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.writeRequestLine(HttpState, HttpConnection)
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.generateRequestLine(HttpConnection, String, String, String, String)
> > 2005/06/16 13:11:22:808 EDT [DEBUG] header - ->> "GET /e/t/home 
> > HTTP/1.1[\r][\n]"
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.print(String)
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[])
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[], int, int)
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.writeRequestHeaders(HttpState,HttpConnection)
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.addRequestHeaders(HttpState, HttpConnection)
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.addUserAgentRequestHeaders(HttpState, HttpConnection)
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.addHostRequestHeader(HttpState, HttpConnection)
> > 2005/06/16 13:11:22:808 EDT [DEBUG] HttpMethodBase - -Adding Host request header
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.addCookieRequestHeader(HttpState, HttpConnection)
> > 2005/06/16 13:11:22:808 EDT [TRACE] HttpState - -enter 
> > HttpState.getCookies()
> > 2005/06/16 13:11:22:824 EDT [TRACE] CookieSpec - -enter 
> > CookieSpecBase.match(String, int, String, boolean, Cookie[])
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.addAuthorizationRequestHeader(HttpState, HttpConnection)
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.addProxyAuthorizationRequestHeader(HttpState, 
> > HttpConnection)
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.addProxyConnectionHeader(HttpState, HttpConnection)
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpMethodBase - -enter 
> > HttpMethodBase.addContentLengthRequestHeader(HttpState, HttpConnection)
> > 2005/06/16 13:11:22:824 EDT [DEBUG] header - ->> "User-Agent: Jakarta 
> > Commons-HttpClient/2.0.2[\r][\n]"
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.print(String)
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[])
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[], int, int)
> > 2005/06/16 13:11:22:824 EDT [DEBUG] header - ->> "Host: 
> > us.etrade.com[\r][\n]"
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.print(String)
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[])
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[], int, int)
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.writeLine()
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[])
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.write(byte[], int, int)
> > 2005/06/16 13:11:22:824 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.flushRequestOutputStream()
> > 2005/06/16 13:11:22:839 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.close()
> > 2005/06/16 13:11:22:839 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.closeSockedAndStreams()
> > 2005/06/16 13:11:22:839 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.close()
> > 2005/06/16 13:11:22:839 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.closeSockedAndStreams()
> > 2005/06/16 13:11:22:839 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.close()
> > 2005/06/16 13:11:22:839 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.closeSockedAndStreams()
> > 2005/06/16 13:11:22:839 EDT [TRACE] HttpConnection - -enter 
> > HttpConnection.releaseConnection()
> > javax.net.ssl.SSLException: Unrecognized SSL handshake.
> >         at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2319)
> >         at org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2692)
> >         at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1121)
> >         at org.apache.commons.httpclient.ConnectMethod.execute(ConnectMethod.java:205)
> >         at org.frb.rich.ipac.ui.DbFileProcessor.main(DbFileProcessor.java:213)
> > 
> > 
> > 
> > Here is the code snippet I am using (stolen from examples):
> > 
> > URI uri = new URI("https://us.etrade.com/e/t/home".toCharArray());
> > String schema = uri.getScheme();
> > Protocol protocol = Protocol.getProtocol(schema);
> > HttpState state = new HttpState();
> > HttpMethod method = new GetMethod(uri.toString());
> > HttpConnection connection = new HttpConnection(uri.getHost(), 
> > uri.getPort(), protocol);
> > connection.setProxyHost("myproxy");
> > connection.setProxyPort(8080);
> > method = new ConnectMethod(method);
> > method.execute(state, connection);
> > if (method.getStatusCode() == HttpStatus.SC_OK)
> > {
> >         System.out.println(method.getResponseBodyAsString());
> > }
> > else
> > {
> >         System.out.println("Unexpected failure: " + 
> > method.getStatusLine().toString());
> > }
> > method.releaseConnection();
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 
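The thread's diagnostic step makes the trust manager accept every certificate. As an added example (not part of the original messages and not HttpClient code), the same question, whether trust validation is what fails, can be answered without disabling validation by wrapping the real trust manager and logging the rejected chain. The class name `LoggingTrustManager` and its command-line arguments are assumptions, and it uses the standard `javax.net.ssl.X509TrustManager` interface rather than the older `isServerTrusted` form quoted in the message.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example (hypothetical class): log why a chain is rejected, but keep rejecting it.
public class LoggingTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;
    LoggingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }

    // Delegate to a truststore file, or to the JRE default truststore when path is null.
    static LoggingTrustManager fromTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = null;
        if (path != null) {
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream in = new FileInputStream(path)) { ks.load(in, password); }
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return new LoggingTrustManager((X509TrustManager) tm);
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            delegate.checkServerTrusted(chain, authType); // real chain validation
        } catch (CertificateException e) {
            System.err.println("rejected: " + e);
            for (X509Certificate c : chain) { // show what the peer actually presented
                System.err.println("  subject=" + c.getSubjectX500Principal()
                    + " issuer=" + c.getIssuerX500Principal() + " notAfter=" + c.getNotAfter());
            }
            throw e; // fail closed: the handshake still aborts
        }
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { delegate.checkClientTrusted(chain, authType); }
    @Override
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    public static void main(String[] args) throws Exception {
        LoggingTrustManager tm = fromTrustStore(args.length > 0 ? args[0] : null,
            args.length > 1 ? args[1].toCharArray() : null);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null); // sockets come from ctx.getSocketFactory()
        System.out.println("trust anchors: " + tm.getAcceptedIssuers().length);
    }
}
```

Run it with no arguments to use the JRE default truststore, or pass a truststore path and password to check that the imported server certificate is actually being loaded.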
