hc-httpclient-users mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSL via Proxy Problems
Date Thu, 18 Aug 2005 12:32:19 GMT
On Thu, Aug 18, 2005 at 02:18:27PM +0200, michael haeusler wrote:
> Oleg,
> 
> how could this be a problem of the SSL context if all works fine in 
> client 3-rc3 without proxy,
> and also works fine in client 2 with or without proxy.
> 

Because this is what I see in the exception stack trace. Please review
the de.msg.transport.ssl.SSLProtocolSocketFactory class and make sure
that it correctly implements the SecureProtocolSocketFactory interface,
especially the new methods introduced in 3.0.

Oleg

> something must be different in client 3.
> 
> Oleg Kalnichevski wrote:
> 
> >Michael,
> >
> >This means one and only one thing: misconfiguration of the SSL context,
> >which is strictly speaking not a problem with HttpClient. For details
> >see the SSL guide [1]. You might want to take a closer look at the
> >AuthSSLProtocolSocketFactory in particular.
> >
> >Hope this helps,
> >
> >Oleg
> >
> >[1] http://jakarta.apache.org/commons/httpclient/sslguide.html
> >
> >
> >On Thu, Aug 18, 2005 at 12:37:05PM +0200, michael haeusler wrote:
> > 
> >
> >>Hello,
> >>
> >>I noticed that after upgrading from http-client 2.0 to http-client 3.0-rc3
> >>our application does not work correctly any more.
> >>
> >>the http server that the application connects to requires SSL with 
> >>client-certificates.
> >>without a http-proxy server there is no problem.
> >>when using a http-proxy server, the result depends on the proxy server, 
> >>it either never responds, or a "peer not authenticated" exception is 
> >>thrown at the application.
> >>here is the debug log:
> >>
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.useragent = Jakarta Commons-HttpClient/3.0-rc3
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.protocol.version = HTTP/1.1
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.connection-manager.class = class 
> >>org.apache.commons.httpclient.SimpleHttpConnectionManager
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.protocol.cookie-policy = rfc2109
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.protocol.element-charset = US-ASCII
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.protocol.content-charset = ISO-8859-1
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.method.retry-handler = 
> >>org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@e312
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, 
> >>EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy 
> >>HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE 
> >>dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy 
> >>HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, 
> >>EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy 
> >>HH:mm:ss z]
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.connection-manager.max-per-host = {HostConfiguration[]=20}
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.connection-manager.max-total = 500
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.connection.timeout = 60000
> >>org.apache.commons.httpclient.HttpClient - 10000 - Java version: 1.4.2_08
> >>org.apache.commons.httpclient.HttpClient - 10000 - Java vendor: Sun 
> >>Microsystems Inc.
> >>org.apache.commons.httpclient.HttpClient - 10000 - Java class path: 
> >>jre\lib\tools.jar;tomcat-5.0.28\bin\bootstrap.jar
> >>org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
> >>name: Windows XP
> >>org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
> >>architecture: x86
> >>org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
> >>version: 5.1
> >>org.apache.commons.httpclient.HttpClient - 10000 - SUN 1.42: SUN (DSA 
> >>key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; 
> >>X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX 
> >>CertPathBuilder; LDAP, Collection CertStores)
> >>org.apache.commons.httpclient.HttpClient - 10000 - SunJSSE 1.42: Sun 
> >>JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust 
> >>factories, SSLv3, TLSv1)
> >>org.apache.commons.httpclient.HttpClient - 10000 - SunRsaSign 1.42: 
> >>SUN's provider for RSA signatures
> >>org.apache.commons.httpclient.HttpClient - 10000 - SunJCE 1.42: SunJCE 
> >>Provider (implements DES, Triple DES, AES, Blowfish, PBE, 
> >>Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
> >>org.apache.commons.httpclient.HttpClient - 10000 - SunJGSS 1.0: Sun 
> >>(Kerberos v5)
> >>org.apache.commons.httpclient.HttpClient - 10000 - BC 1.29: BouncyCastle 
> >>Security Provider v1.29
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.socket.timeout = 0
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
> >>PostMethod.clearRequestBody()
> >>org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
> >>enter EntityEnclosingMethod.clearRequestBody()
> >>org.apache.commons.httpclient.HttpClient - 10000 - enter 
> >>HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- enter 
> >>HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- HttpConnectionManager.getConnection:  config = 
> >>HostConfiguration[host=https://localhost, 
> >>proxyHost=http://192.168.200.224:8888], timeout = 0
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- enter 
> >>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- enter 
> >>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- Allocating new connection, 
> >>hostConfig=HostConfiguration[host=https://localhost, 
> >>proxyHost=http://192.168.200.224:8888]
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> >>HttpConnection.open()
> >>org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
> >>to 192.168.200.224:8888
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.socket.timeout = 0
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
> >>PostMethod.clearRequestBody()
> >>org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
> >>enter EntityEnclosingMethod.clearRequestBody()
> >>org.apache.commons.httpclient.HttpClient - 10000 - enter 
> >>HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- enter 
> >>HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- HttpConnectionManager.getConnection:  config = 
> >>HostConfiguration[host=https://localhost, 
> >>proxyHost=http://192.168.200.224:8888], timeout = 0
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- enter 
> >>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- enter 
> >>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- Allocating new connection, 
> >>hostConfig=HostConfiguration[host=https://localhost, 
> >>proxyHost=http://192.168.200.224:8888]
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> >>HttpConnection.open()
> >>org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
> >>to 192.168.200.224:8888
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> >>HttpConnection.closeSockedAndStreams()
> >>org.apache.commons.httpclient.HttpMethodDirector - 10000 - Closing the 
> >>connection.
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> >>HttpConnection.close()
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> >>HttpConnection.closeSockedAndStreams()
> >>org.apache.commons.httpclient.HttpMethodDirector - 20000 - I/O exception 
> >>caught when processing request: peer not authenticated
> >>org.apache.commons.httpclient.HttpMethodDirector - 10000 - peer not 
> >>authenticated
> >>javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> >>  at 
> >>com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
> >>  at de.msg.transport.ssl.SSLProtocolSocketFactory.o00000(Unknown Source)
> >>  at 
> >>de.msg.transport.ssl.SSLProtocolSocketFactory.createSocket(Unknown Source)
> >>  at 
> >>org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:704)
> >>  at 
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1339)
> >>  at 
> >>org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
> >>  at 
> >>org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
> >>  at 
> >>org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
> >>  at de.msg.transport.HttpProvider.sendMessage(Unknown Source)
> >>  at de.msg.j.run(Unknown Source)
> >>org.apache.commons.httpclient.HttpMethodDirector - 20000 - Retrying 
> >>request
> >>
> >>
> >>
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> >>For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >>
> >>
> >>   
> >>
> >
> 
> -- 
> Mit freundlichen Grüßen / Best Regards,
> Michael Häusler
> __________________________________________________________________
> Ponton Consulting GmbH                 voice:  + 49.40.69213-340
> http://www.ponton-consulting.de/       fax:    + 49.40.69213-355
> Dorotheenstraße 60
> D-22301 Hamburg
>                       Ponton Consulting is a Member of C1 Group
> __________________________________________________________________
> 
> HRB 81480, AG Hamburg, Managing Director: Dr. Michael Merz
> Ponton Consulting is a Member of C1 Group (www.c1-group.com)
> __________________________________________________________________
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

