hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSLPeerUnverifiedException randomly occurring when doing 2-way SSL authentication on java sun6u12 and openjdk1.6, works fine with java sun6u10
Date Thu, 05 Mar 2009 10:19:18 GMT
On Wed, 2009-03-04 at 15:02 +0100, Fran├žois Terrier wrote:
> Hello everyone,
> 
> We have two Java application talking to each other through an SSL
> connection. This java app <--> java app communication is based on Spring
> HttpInvoker remoting. So the call chain looks like:
> 
> Java app  --(spring http-invoker)-->  Java app  
> 
> Between the two applications we do 2-way SSL authentication, however
> every once in a while using either Sun Java JDK 6 update 12 or OpenJDK
> 1.6 on the client, we receive an SSLUnverifiedPeerException (see below
> for complete stack trace) between the two apps. The server JVM version
> does not seem to matter. The Spring Http-Invoker remoting tech we use
> relies on the Apache commons HttpClient (version 4-beta2).
> 
> Does anyone have an idea what might go wrong? First we thought it might
> be a problem due to multiple threads using the HttpClient/Spring
> Remoting code simultaneously - we however get the same exception when
> testing this code in a single-threaded environment as well...
> 
> Could it be something broken in particular SSL implementations? Some
> settings for SSL connections that might trigger such an exception?
> 
> We would be very grateful for any hints or ideas you might have.
> 
> Best Regards,
> 
> Fran├žois Terrier
> 

So, you are saying the problem is intermittent? That's bizarre. All I
recommend is running the application with SSL debug on and checking
whether SSL connections fails because the client fails to supply valid /
correct user id or because the server for some reason rejects user id,
which is perfectly valid.

This does seem like a regression in Sun's JRE.

Oleg


> Here is the complete stack trace (test case using TestNG) :
> 
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> 	at
> sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:371)
> 	at
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:129)
> 	at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:326)
> 	at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:129)
> 	at
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
> 	at
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
> 	at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:349)
> 	at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
> 	at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
> 	at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
> 	at
> com.iccoss.remote.client.ContentServiceProxy.getContentOfItem(ContentServiceProxy.java:33)
> 	at
> com.iccoss.dispatcher.MergingDataService.getContentOfItem(MergingDataService.java:170)
> 	at
> com.iccoss.remote.concurrency.ConcurrentDataServiceTestClient.testMultipleThreads(ConcurrentDataServiceTestClient.java:63)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> 	at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:616)
> 	at org.testng.internal.MethodHelper.invokeMethod(MethodHelper.java:580)
> 	at org.testng.internal.MethodHelper
> $1.runTestMethod(MethodHelper.java:698)
> 	at
> org.springframework.test.context.testng.AbstractTestNGSpringContextTests.run(AbstractTestNGSpringContextTests.java:140)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> 	at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:616)
> 	at
> org.testng.internal.MethodHelper.invokeHookable(MethodHelper.java:706)
> 	at org.testng.internal.Invoker.invokeMethod(Invoker.java:468)
> 	at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:617)
> 	at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:885)
> 	at
> org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:126)
> 	at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:110)
> 	at org.testng.TestRunner.runWorkers(TestRunner.java:712)
> 	at org.testng.TestRunner.privateRun(TestRunner.java:582)
> 	at org.testng.TestRunner.run(TestRunner.java:477)
> 	at org.testng.SuiteRunner.runTest(SuiteRunner.java:324)
> 	at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:319)
> 	at org.testng.SuiteRunner.privateRun(SuiteRunner.java:292)
> 	at org.testng.SuiteRunner.run(SuiteRunner.java:198)
> 	at org.testng.TestNG.createAndRunSuiteRunners(TestNG.java:823)
> 	at org.testng.TestNG.runSuitesLocally(TestNG.java:790)
> 	at org.testng.TestNG.run(TestNG.java:708)
> 	at org.testng.remote.RemoteTestNG.run(RemoteTestNG.java:73)
> 	at org.testng.remote.RemoteTestNG.main(RemoteTestNG.java:124)
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message