hc-httpclient-users mailing list archives

From am am <akme...@yahoo.com>
Subject HttpClient and SSL handshake with IIS 7.0 Server
Date Sun, 22 May 2011 20:09:07 GMT
Hi,

I am using apache httpclient and I configure the ssl context to use my keystore 
and truststore.
The https server I am using is IIS7 and is configured to require client 
authentication. I think I have set everything up properly from IIS part.
Anyway, if I configure the httpClient's ssl context with a keystore (i.e. with 
client certificates) valid for IIS then there is no problem connecting. 

Now my problem is the following: 
If I do NOT configure the ssl context with any client certificate to send to 
IIS, there is no connection with the server. 

What makes me worry though, is the fact that I was expecting to see some java 
exception in the code as a result of a handshake failure alert. This exception 
never occurred.
Monitoring what is happening with wireshark, and using the private key to 
decrypt the traces I saw a certificate request coming from IIS.  

The strange thing is that the httpclient replied with a Certificate message of length 
0 instead of a NoCertificateAlert. 
I think this is not correct. Per RFC it should be a NoCertificateAlert. Right?
Then IIS receiving the empty certificate message, does not raise a handshake 
alert either, but both parts stop communicating.  

How is this behavior explained? I think that it is a bug from httpclient part. 
Shouldn't I see an SSL alert in this context??


Thank you
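
The two client replies named in the message, as an added example that is not part of the original post: SSL 3.0 defines a no_certificate alert for a client with nothing to send, while TLS 1.0 (RFC 2246) and later have the client send a Certificate message whose certificate list is empty. This Python sketch classifies one decrypted client record accordingly; the function names and the sample bytes are constructed for illustration.

```python
# Classify one decrypted client record sent in reply to CertificateRequest.
# Assumes SSL 3.0 / TLS 1.0-1.2 layout, one handshake message per record.
ALERT, HANDSHAKE = 21, 22   # record content types
CERTIFICATE = 11            # handshake message type
NO_CERTIFICATE = 41         # alert defined by SSL 3.0, reserved in later TLS

# Constructed sample records (not captured traffic).
EMPTY_CERT_TLS10 = bytes.fromhex("16030100070b000003000000")
NO_CERT_SSL30 = bytes.fromhex("15030000020129")
ONE_CERT_TLS10 = bytes.fromhex("160301000d0b000009000006000003aabbcc")

def parse_record(buf):
    """Return (content_type, (major, minor), fragment) for one plaintext record."""
    if len(buf) < 5:
        raise ValueError("truncated record header")
    length = int.from_bytes(buf[3:5], "big")
    fragment = buf[5:5 + length]
    if len(fragment) != length:
        raise ValueError("truncated record fragment")
    return buf[0], (buf[1], buf[2]), fragment

def certificate_count(body):
    """Count certs in a Certificate body: 3-byte list length, 3-byte-prefixed entries."""
    if len(body) < 3 or int.from_bytes(body[:3], "big") != len(body) - 3:
        raise ValueError("bad certificate_list length")
    count, pos = 0, 3
    while pos < len(body):
        cert_len = int.from_bytes(body[pos:pos + 3], "big")
        pos += 3 + cert_len
        count += 1
    if pos != len(body):
        raise ValueError("certificate entry overruns list")
    return count

def client_cert_response(buf):
    """Return (kind, version) describing how the client answered the request."""
    ctype, version, frag = parse_record(buf)
    if ctype == ALERT and len(frag) == 2:
        kind = "no_certificate_alert" if frag[1] == NO_CERTIFICATE else "other_alert"
        return kind, version
    if ctype == HANDSHAKE and len(frag) >= 4 and frag[0] == CERTIFICATE:
        msg_len = int.from_bytes(frag[1:4], "big")
        body = frag[4:4 + msg_len]
        if len(body) != msg_len:
            raise ValueError("handshake message continues in another record")
        n = certificate_count(body)
        return ("empty_certificate" if n == 0 else f"certificate_x{n}"), version
    return "other", version
```
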