hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Weber <ossf...@dubioso.net>
Subject Re: HTTPS Certification problem
Date Thu, 28 Jun 2007 14:49:29 GMT
Dhanushka Amarakoon wrote:

>     while (retry <= retryCount) {
>       System.setProperty("javax.net.ssl.trustStore", keyStore);
>  
>       HttpClient httpclient = new HttpClient();

That is bad. You should instantiate HttpClient only once
and re-use the instance. At the very least you should
shutdown the connection manager before forgetting about
an HttpClient instance. Used like this, your code is
leaking open socket connections, leaving them to mercy
of the garbage collector.

> I noticed that it initialises the keystore only the first time it connects
> to any site and until i restart my program it wont initialize the keystore
> again. Meaning even if the method saves the new certificate in the keystore
> the program seems to refer to the old keystore and not the updated one.

Exactly. The keystore is loaded once from the file to memory, then the
data in memory is used. I assume it is possible to update the keystore
explicitly at runtime, or to instantiate a new SSL context with the
modified keystore. Please refer to the SSL and JSSE documentation.

> I tried using AuthSSLProtocolSocketFactory but it throws a error 
> 
> java.security.KeyStoreException: No private keys found in keystore!
> 
> And when I modify the keystore and add a new key I created via keytool I get
> the message 
> 
> java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big. 

There are several different and incompatible formats for key stores.
You probably use the wrong one, or fail to tell the correct format
when loading the keystore. AuthSSLProtocolSocketFactory is meant to
be adapted to your specific needs, so you should dive into the code
and fix it until it works for you.
Have a look at not-yet-commons-ssl, it might help you with the
different keystore formats:
http://juliusdavies.ca/commons-ssl/

hope that helps,
  Roland





---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message