hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Václav Tregner <vaclav.treg...@gmail.com>
Subject Re: poolingccm & SSLConnectionSocketFactory
Date Fri, 22 Nov 2013 06:01:02 GMT
See my answer in post below. You have to pass socketFactoryRegistry in
contructor when creating PoolingHttpClientConnectionManager.

http://stackoverflow.com/questions/19517538/ignoring-ssl-certificate-in-apache-httpclient-4-3/19950935#19950935

Vasek


2013/11/22 Arni Sumarlidason <sumarlidason@gmail.com>

> Hello,
>
> I am trying to use the pooling connection manager in conjunction with
> SSLConnectionSocketFactory => to allow connections to self signed SSL
> servers as well as configurable connection manager.
>
> The following works just fine:
>   SSLContextBuilder builder = new SSLContextBuilder();
>   builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
>   SSLConnectionSocketFactory sslsf = new
> SSLConnectionSocketFactory(builder.build());
>   m_httpClient =
>
> HttpClients.custom().setDefaultCookieStore(m_cookieStore).setSSLSocketFactory(sslsf).build();
>
> However the addition of the connection manager seems to break the
> TrustSelfSignedStrategy...:
>   SSLContextBuilder builder = new SSLContextBuilder();
>   builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
>   SSLConnectionSocketFactory sslsf = new
> SSLConnectionSocketFactory(builder.build());
>
>   m_connectionManager = new PoolingHttpClientConnectionManager();
>   m_connectionManager.setMaxTotal(200);
>   m_connectionManager.setDefaultMaxPerRoute(20);
>
>   m_httpClient =
>
> HttpClients.custom().setDefaultCookieStore(m_cookieStore).setSSLSocketFactory(sslsf).setConnectionManager(m_connectionManager).build();
>
>
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
>     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>     at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
>     at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
>     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>     at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>     at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
>     at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>     at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>     at
> org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:261)
>     at
> org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:118)
>     at
> org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314)
>     at
> org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:357)
>     at
> org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:218)
>     at
> org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:194)
>     at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:85)
>     at
> org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
>     at
> org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)
>     at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>     at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
>     at com.mdaus.http.Http.exec(Http.java:158)
>     at com.mdaus.http.Http.doGetWithResponse(Http.java:371)
>     at com.mdaus.http.Http.doGetWithResponse(Http.java:404)
>     at com.mdaus.Maps.MapsAPI.run(MapsAPI.java:53)
>     at java.lang.Thread.run(Thread.java:744)
> Caused by: sun.security.validator.ValidatorException: PKIX path
> building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>     at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
>     at sun.security.validator.Validator.validate(Validator.java:260)
>     at
> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
>     at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
>     at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
>     at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
>     ... 23 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>     at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
>     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>     ... 29 more
>
>
>
> If anyone can shed some light, I'd appreciate it :o)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message