hc-httpclient-users mailing list archives

From Travis T <travis.tr...@hp.com>
Subject SSL Mutual Authentication Code worked in 4.0.1 but fails in 4.1
Date Mon, 07 Mar 2011 23:24:06 GMT

I have a server with a self-signed certificate.  I've created a Java
keystore (trustStore) which includes that server in the trust store.  I have a
keystore which includes my certificate and private key.  My certificate was
signed by the server. I've used the API to create an SSLSocketFactory that
registers my keystore and truststore.

Using Apache HttpClient 4.0.1 it all worked.  I upgraded to 4.1 and, other
than having to reorder the arguments in the Scheme constructor, the code is
the same.  However, now I get a javax.net.ssl.SSLPeerUnverifiedException:
peer not authenticated

Help, please?

Below is the code:

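import java.net.URI;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

// keyStore, keyStorePassword and trustStore are fields not shown in this
// message; IOUtils.getContent(...) is a helper that is also not shown.
String doGet(URI uri, String acceptType) throws Exception
{
	// To be replaced by common module.
	String result = null;
	DefaultHttpClient httpclient = new DefaultHttpClient();
	try
	{
		// Client certificate and key come from keyStore; the server is
		// validated against trustStore.
		SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore,
				String.valueOf(keyStorePassword), trustStore);
		// 4.1 argument order: scheme name, port, socket factory.
		Scheme sch = new Scheme("https", 443, socketFactory);
		httpclient.getConnectionManager().getSchemeRegistry().register(sch);

		HttpGet httpget = new HttpGet(uri.toASCIIString());
		httpget.addHeader("Accept", acceptType);
		HttpResponse response = httpclient.execute(httpget);
		HttpEntity entity = response.getEntity();

		result = IOUtils.getContent(entity.getContent());
	}
	finally
	{
		// Release the connection manager's resources in every case.
		httpclient.getConnectionManager().shutdown();
	}

	return result;
}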

Below is the exception I get in 4.1:

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
	at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
	at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:562)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
-- 
View this message in context: http://old.nabble.com/SSL-Mutual-Authentication-Code-worked-in-4.0.1-but-fails-in-4.1-tp31092864p31092864.html
Sent from the HttpClient-User mailing list archive at Nabble.com.
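
An added diagnostic, not part of the original message and not HttpClient code: the trace above is raised from SSLSession.getPeerCertificates(), which reports "peer not authenticated" whenever the session is invalid, so this sketch performs the mutual-TLS handshake explicitly with plain JSSE to report the handshake error itself. The class name, the argument layout and the use of the keystore password as the key password (as in the posted constructor call) are assumptions; it checks the handshake only and does no hostname verification.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class. Usage (constructed):
//   java MutualTlsCheck <host> <port> <keystore> <keystorePass> <truststore> <truststorePass>
// Passwords as arguments keep the example short; read them from a console or file in real use.
public class MutualTlsCheck {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] keyPass = args[3].toCharArray();
        KeyStore keyStore = load(args[2], keyPass);
        KeyStore trustStore = load(args[4], args[5].toCharArray());

        // Client identity: certificate and private key from the keystore
        // (assumes the key password equals the keystore password).
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPass);
        // Trust anchors: only the certificates in the truststore, not the JRE default CAs.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], Integer.parseInt(args[1]))) {
            // startHandshake() throws the underlying SSLHandshakeException (untrusted server
            // chain, client certificate rejected, ...) instead of leaving an invalid session.
            socket.startHandshake();
            X509Certificate server = (X509Certificate) socket.getSession().getPeerCertificates()[0];
            System.out.println("Handshake OK, cipher suite: " + socket.getSession().getCipherSuite());
            System.out.println("Server certificate subject: " + server.getSubjectX500Principal());
        }
    }
}
```

Running it with the JSSE system property -Djavax.net.debug=ssl,handshake additionally prints the handshake messages, including whether the server requested a client certificate.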

