hc-httpclient-users mailing list archives

From michael haeusler <haeus...@ponton-consulting.de>
Subject Re: SSL via Proxy Problems
Date Thu, 18 Aug 2005 12:18:27 GMT
Oleg,

How could this be a problem of the SSL context if all works fine in 
client 3-rc3 without proxy,
and also works fine in client 2 with or without proxy?

Something must be different in client 3.

Oleg Kalnichevski wrote:

>Michael,
>
>This means one and only thing: misconfiguration of the SSL context,
>which is strictly speaking not a problem with HttpClient. For details
>see the SSL guide [1]. You might want to take a closer look at the
>AuthSSLProtocolSocketFactory in particular.
>
>Hope this helps,
>
>Oleg
>
>[1] http://jakarta.apache.org/commons/httpclient/sslguide.html
>
>
>On Thu, Aug 18, 2005 at 12:37:05PM +0200, michael haeusler wrote:
>  
>
>>Hello,
>>
>>I noticed that after upgrading from http-client 2.0 to http-client 3.0-rc3
>>our application does not work correctly any more.
>>
>>The HTTP server that the application connects to requires SSL with 
>>client certificates.
>>Without an HTTP proxy server there is no problem.
>>When using an HTTP proxy server, the result depends on the proxy server: 
>>it either never responds, or a "peer not authenticated" exception is 
>>thrown at the application.
>>Here is the debug log:
>>
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.useragent = Jakarta Commons-HttpClient/3.0-rc3
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.protocol.version = HTTP/1.1
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.connection-manager.class = class 
>>org.apache.commons.httpclient.SimpleHttpConnectionManager
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.protocol.cookie-policy = rfc2109
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.protocol.element-charset = US-ASCII
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.protocol.content-charset = ISO-8859-1
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.method.retry-handler = 
>>org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@e312
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, 
>>EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy 
>>HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE 
>>dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy 
>>HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, 
>>EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy 
>>HH:mm:ss z]
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.connection-manager.max-per-host = {HostConfiguration[]=20}
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.connection-manager.max-total = 500
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.connection.timeout = 60000
>>org.apache.commons.httpclient.HttpClient - 10000 - Java version: 1.4.2_08
>>org.apache.commons.httpclient.HttpClient - 10000 - Java vendor: Sun 
>>Microsystems Inc.
>>org.apache.commons.httpclient.HttpClient - 10000 - Java class path: 
>>jre\lib\tools.jar;tomcat-5.0.28\bin\bootstrap.jar
>>org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
>>name: Windows XP
>>org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
>>architecture: x86
>>org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
>>version: 5.1
>>org.apache.commons.httpclient.HttpClient - 10000 - SUN 1.42: SUN (DSA 
>>key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; 
>>X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX 
>>CertPathBuilder; LDAP, Collection CertStores)
>>org.apache.commons.httpclient.HttpClient - 10000 - SunJSSE 1.42: Sun 
>>JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust 
>>factories, SSLv3, TLSv1)
>>org.apache.commons.httpclient.HttpClient - 10000 - SunRsaSign 1.42: 
>>SUN's provider for RSA signatures
>>org.apache.commons.httpclient.HttpClient - 10000 - SunJCE 1.42: SunJCE 
>>Provider (implements DES, Triple DES, AES, Blowfish, PBE, 
>>Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
>>org.apache.commons.httpclient.HttpClient - 10000 - SunJGSS 1.0: Sun 
>>(Kerberos v5)
>>org.apache.commons.httpclient.HttpClient - 10000 - BC 1.29: BouncyCastle 
>>Security Provider v1.29
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.socket.timeout = 0
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
>>PostMethod.clearRequestBody()
>>org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
>>enter EntityEnclosingMethod.clearRequestBody()
>>org.apache.commons.httpclient.HttpClient - 10000 - enter 
>>HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- enter 
>>HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- HttpConnectionManager.getConnection:  config = 
>>HostConfiguration[host=https://localhost, 
>>proxyHost=http://192.168.200.224:8888], timeout = 0
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- Allocating new connection, 
>>hostConfig=HostConfiguration[host=https://localhost, 
>>proxyHost=http://192.168.200.224:8888]
>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>HttpConnection.open()
>>org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
>>to 192.168.200.224:8888
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.socket.timeout = 0
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
>>PostMethod.clearRequestBody()
>>org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
>>enter EntityEnclosingMethod.clearRequestBody()
>>org.apache.commons.httpclient.HttpClient - 10000 - enter 
>>HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- enter 
>>HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- HttpConnectionManager.getConnection:  config = 
>>HostConfiguration[host=https://localhost, 
>>proxyHost=http://192.168.200.224:8888], timeout = 0
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- Allocating new connection, 
>>hostConfig=HostConfiguration[host=https://localhost, 
>>proxyHost=http://192.168.200.224:8888]
>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>HttpConnection.open()
>>org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
>>to 192.168.200.224:8888
>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>HttpConnection.closeSockedAndStreams()
>>org.apache.commons.httpclient.HttpMethodDirector - 10000 - Closing the 
>>connection.
>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>HttpConnection.close()
>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>HttpConnection.closeSockedAndStreams()
>>org.apache.commons.httpclient.HttpMethodDirector - 20000 - I/O exception 
>>caught when processing request: peer not authenticated
>>org.apache.commons.httpclient.HttpMethodDirector - 10000 - peer not 
>>authenticated
>>javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>   at 
>>com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
>>   at de.msg.transport.ssl.SSLProtocolSocketFactory.o00000(Unknown Source)
>>   at 
>>de.msg.transport.ssl.SSLProtocolSocketFactory.createSocket(Unknown Source)
>>   at 
>>org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:704)
>>   at 
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1339)
>>   at 
>>org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
>>   at 
>>org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
>>   at 
>>org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
>>   at de.msg.transport.HttpProvider.sendMessage(Unknown Source)
>>   at de.msg.j.run(Unknown Source)
>>org.apache.commons.httpclient.HttpMethodDirector - 20000 - Retrying request
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

-- 
Mit freundlichen Grüßen / Best Regards,
Michael Häusler
__________________________________________________________________
Ponton Consulting GmbH                 voice:  + 49.40.69213-340
http://www.ponton-consulting.de/       fax:    + 49.40.69213-355
Dorotheenstraße 60
D-22301 Hamburg
                       Ponton Consulting is a Member of C1 Group
__________________________________________________________________

HRB 81480, AG Hamburg, Managing Director: Dr. Michael Merz
Ponton Consulting is a Member of C1 Group (www.c1-group.com)
__________________________________________________________________

