hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fang Lin <Fang...@u.washington.edu>
Subject RE: handshake_failure when upgrading from httpclient 3.6 to 4.1.1.
Date Thu, 07 Jul 2011 00:58:26 GMT
Got it to work with a Custom SSL Socket! Not sure why this is necessary. The key store and
trust store are specified when starting tomcat or running java.

public class MySocketFactory extends SSLSocketFactory {
... ...
  static {
    try {
      instream1 = new FileInputStream
        (new File("/usr/local/ssl/certs/my.p12")); 
      keyStore = KeyStore.getInstance("pkcs12");
      keyStore.load(instream1, keystorePassword.toCharArray());

      instream2 = new FileInputStream
        (new File("/usr/local/java/jre/lib/security/cacerts")); 
      trustStore = KeyStore.getInstance("jks");
      trustStore.load(instream2, keystorePassword.toCharArray());

    } catch (Exception e) {
      log.error ("Failed to load key and trust store", e);
    } finally {
      try {
        instream1.close();
        instream2.close();
      } catch (Exception e) {}
    }
  }

  public MySocketFactory ()
    throws NoSuchAlgorithmException,
           KeyManagementException,
           KeyStoreException,
           UnrecoverableKeyException {
    super(keyStore, keystorePassword, trustStore);
  }

  public Socket createSocket(HttpParams params)
    throws IOException {
    return (SSLSocket) super.createSocket(params);
  }

  public Socket createLayeredSocket(final Socket socket, 
                                    final String host, 
                                    final int port, 
                                    final boolean autoClose)
    throws IOException, UnknownHostException {
    SSLSocket sslSocket = 
      (SSLSocket) super.createLayeredSocket(socket, 
                                            host, 
                                            port, 
                                            autoClose);
    getHostnameVerifier().verify(host, sslSocket);
    return sslSocket;
  }
}

Mime
View raw message