Return-Path: 
 <httpclient-users-return-10718-apmail-hc-httpclient-users-archive=hc.apache.org@hc.apache.org>
X-Original-To: apmail-hc-httpclient-users-archive@www.apache.org
Delivered-To: apmail-hc-httpclient-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1F72EDF4A
	for <apmail-hc-httpclient-users-archive@www.apache.org>;
 Wed, 26 Sep 2012 10:05:45 +0000 (UTC)
Received: (qmail 68730 invoked by uid 500); 26 Sep 2012 10:05:42 -0000
Delivered-To: apmail-hc-httpclient-users-archive@hc.apache.org
Received: (qmail 68293 invoked by uid 500); 26 Sep 2012 10:05:39 -0000
Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:httpclient-users-help@hc.apache.org>
List-Unsubscribe: <mailto:httpclient-users-unsubscribe@hc.apache.org>
List-Post: <mailto:httpclient-users@hc.apache.org>
List-Id: <httpclient-users.hc.apache.org>
Reply-To: "HttpClient User Discussion" <httpclient-users@hc.apache.org>
Delivered-To: mailing list httpclient-users@hc.apache.org
Received: (qmail 68239 invoked by uid 99); 26 Sep 2012 10:05:37 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Sep 2012 10:05:37 +0000
X-ASF-Spam-Status: No, hits=0.7 required=5.0
	tests=SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [217.150.250.48] (HELO kalnich.nine.ch) (217.150.250.48)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Sep 2012 10:05:32 +0000
Received: from [192.168.42.181] (unknown [213.55.184.150])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by kalnich.nine.ch (Postfix) with ESMTPSA id 6D77CB80265
	for <httpclient-users@hc.apache.org>; Wed, 26 Sep 2012 12:05:10 +0200 (CEST)
Message-ID: <1348653901.11233.1.camel@ubuntu>
Subject: Re: how to work around javax.net.ssl.SSLKeyException: RSA premaster
From: Oleg Kalnichevski <olegk@apache.org>
To: HttpClient User Discussion <httpclient-users@hc.apache.org>
Date: Wed, 26 Sep 2012 12:05:01 +0200
In-Reply-To: <1579549587CEA24C85CE49CE261FA5E10FD5B814@ltischcsx01.lti.int>
References: <1579549587CEA24C85CE49CE261FA5E10FD5B814@ltischcsx01.lti.int>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.2.3-0ubuntu6 
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
X-Virus-Checked: Checked by ClamAV on apache.org

On Tue, 2012-09-25 at 15:39 +0000, Welty, Richard wrote:
> I'm working on a project which is switching to httpclient 4 from the old commons-httpclient 3, and I'm working through certificate issues.
> 
> 
> 
> The environment is FuseESBEnterprise-7.0.1, a packaging of apache servicenow, and I obtained httpclient 4 via the camel-http4 feature. The OS is CentO= S 6 with openjdk 1.6.0
> 
> 
> 
> The remote site I'm accessing is demo04.service-now.com, which is using some sort of wildcarded certificate. I used code found here (http://javaskelet=
> 
> on.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html) to work around the wildcard problem.
> 
> 
> 
> I can access the site via curl easily enough:
> 
> 
> 
> curl -u admin:admin https://demo04.service-now.com/cmdb_ci_list.do?XML&sysparm_query=name=123.123.123.198
> 
> 
> 
> and it returns the expected result
> 
> 
> 
> having worked through the wildcard issue, I'm now looking at this, with no clear understanding of how to go forward. Does anyone have any suggestions?
> 
> 
> 

This looks like an SSL protocol issue unrelated to HttpClient. All I can
think of is upgrading the JRE to something newer.

Oleg 

> javax.net.ssl.SSLKeyException: RSA premaster secret error
> 
>         at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:114)[:1.6.0_24]
> 
>         at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:703)[:1.6.0_24]
> 
>         at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:228)[:1.6.0_24]
> 
>         at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609)[:1.6.0_24]
> 
>         at sun.security.ssl.Handshaker.process_record(Handshaker.java:545)[:1.6.0_24]
> 
>         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:945)[:1.6.0_24]
> 
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190)[:1.6.0_24]
> 
>         at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:657)[:1.6.0_24]
> 
>         at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:108)[:1.6.0_24]
> 
> ...
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org