Return-Path: 
 <httpclient-users-return-13521-apmail-hc-httpclient-users-archive=hc.apache.org@hc.apache.org>
X-Original-To: apmail-hc-httpclient-users-archive@www.apache.org
Delivered-To: apmail-hc-httpclient-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id A894019169
	for <apmail-hc-httpclient-users-archive@www.apache.org>;
 Fri,  8 Apr 2016 23:29:56 +0000 (UTC)
Received: (qmail 4269 invoked by uid 500); 8 Apr 2016 23:29:56 -0000
Delivered-To: apmail-hc-httpclient-users-archive@hc.apache.org
Received: (qmail 4232 invoked by uid 500); 8 Apr 2016 23:29:56 -0000
Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:httpclient-users-help@hc.apache.org>
List-Unsubscribe: <mailto:httpclient-users-unsubscribe@hc.apache.org>
List-Post: <mailto:httpclient-users@hc.apache.org>
List-Id: <httpclient-users.hc.apache.org>
Reply-To: "HttpClient User Discussion" <httpclient-users@hc.apache.org>
Delivered-To: mailing list httpclient-users@hc.apache.org
Received: (qmail 4219 invoked by uid 99); 8 Apr 2016 23:29:56 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO
 spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Apr 2016 23:29:56 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org)
 with ESMTP id AB161C1C0F
	for <httpclient-users@hc.apache.org>; Fri,  8 Apr 2016 23:29:55 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.179
X-Spam-Level: *
X-Spam-Status: No, score=1.179 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd1-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx2-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new,
 port 10024)
	with ESMTP id ccK2BKkDsEDd for <httpclient-users@hc.apache.org>;
	Fri,  8 Apr 2016 23:29:53 +0000 (UTC)
Received: from mail-oi0-f51.google.com (mail-oi0-f51.google.com
 [209.85.218.51])
	by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with ESMTPS
 id 0747F5F478
	for <httpclient-users@hc.apache.org>; Fri,  8 Apr 2016 23:29:52 +0000 (UTC)
Received: by mail-oi0-f51.google.com with SMTP id w85so153028491oiw.0
        for <httpclient-users@hc.apache.org>;
 Fri, 08 Apr 2016 16:29:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=Vlrk3+JRMz9XVO3IcPBMZIBHqEXSMqfC9P37RcB7XlE=;
        b=yhKOXaEKdDVY66sNnIPFPNZZaDwwQk2rPJL9OQcQQDfUHxjQbrLUo0NMCB4o10d0P9
         HSG4K1rFzN/AwFC9z17LpVQPBBlD3NLRuSlboWp2T/y8zlPAfSUq77gXz3YCkSyYudTU
         UrBgkwnr+CD8vGVjPTaOJjLrv2yDw+Ta35dP+H7kq1wceVlQ3kBJ/q3OIBvOgsBOh0jV
         tThD84Xrz0/k5+mIhPiMu2FVkpsCTqzg2UI1rHf7e9Ty+1I1xPDdqg+Dt0ng+7poerkT
         i3eoM5pYIG5kiV0RibMCWvpGz3nxFOO29OIb6m31I6rkenFRYuWFmti2XMOiHxQkgqP8
         qelg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=Vlrk3+JRMz9XVO3IcPBMZIBHqEXSMqfC9P37RcB7XlE=;
        b=eKOjdBJiLFyF9XfDgH3QsZ1Vs23hlb3CmsObmcy6IW0eGuTis0L+Jh+5GrcICzMzk2
         JOU2tqjzMR5yVueeMF6L8+lvNp6YENyh8jZeDBu3nkyyJ8UL/q8BD8Y1eGorXFAklNpZ
         nuR5h1uKWspBBaRSEImzqyVDi7Uk6+6RZQvqK854haxwf7ubkfTFB4gjij7ci9dE73zM
         Yl4XXWcu+89HFeseKmYvgTvpxKOpWiTallHIbXx9UefldZTQMnWgHzf4vAbdzvvRQXXV
         fVtcyGzlaCIgoe028r3ebQxyShstefBVsKjHA4f/c+iEyekqkftXMlvFwynYs3/jXQO7
         9w3w==
X-Gm-Message-State: 
 AD7BkJL+gQ7v8EjNUMsUEnGmYKJYbihH7rbR7P92gIxqm18n62qxk3dIsiI2pNHp0B0XxV/T2iF5IyKZAewgIA==
X-Received: by 10.202.82.204 with SMTP id g195mr4775029oib.110.1460158192319;
 Fri, 08 Apr 2016 16:29:52 -0700 (PDT)
MIME-Version: 1.0
References: 
 <CAEA_=xK2OHwVKtCs0NNV9hLNMTXaoMrMpCbkXenK4xhk5DQWPw@mail.gmail.com>
 <570813ff.12871c0a.bfc1e.ffff9d37@mx.google.com>
 <CAEA_=xJ4Cz84N2SFABiFg4ZKeYzdr=yF-uaQSyNh=pOwLDo2Lg@mail.gmail.com>
 <BLU436-SMTP57F764E197F3C81EA2873F92910@phx.gbl>
 <CAEA_=x+yWjjgdoY51bdEugyup3czY61Y8PaTHuD-coL=rPVDXw@mail.gmail.com>
 <BLU437-SMTP383474F2B5802E6D600CC792910@phx.gbl>
In-Reply-To: <BLU437-SMTP383474F2B5802E6D600CC792910@phx.gbl>
From: Robson Roberto Souza Peixoto <robsonpeixoto@gmail.com>
Date: Fri, 08 Apr 2016 23:29:42 +0000
Message-ID: 
 <CAEA_=xKWO+y1RMJvJbN4zwyR4dWq+biqr3qYxwycstuXX-qrGQ@mail.gmail.com>
Subject: Re: Trust all certificates
To: HttpClient User Discussion <httpclient-users@hc.apache.org>
Content-Type: multipart/alternative; boundary=001a113b15025e83320530019208

--001a113b15025e83320530019208
Content-Type: text/plain; charset=UTF-8

Thanks a lot, Sam Wilson.
I'll read it.

It's work well on java 8, but not on java 7 =/
>From Google Chrome:
```
Your connection to www.trf5.jus.br is encrypted using a modern cipher suite.
The connection uses TLS 1.2.
The connection is encrypted and authenticated using AES_128_GCM and uses
ECDHE_RSA as the key exchange mechanism.
```

On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson <tecywiz121@hotmail.com> wrote:

> There are quite a few documents out there that go over SSL/TLS. Really
> depends on what you need to know. Wikipedia might be a good place to
> start, and there's always google to find out more. I seem to remember
> Mozilla had some decent high level documentation, but I think they've
> marked it as out of date.
>
> What's happening right now is that you can't complete the SSL handshake
> for some reason. StackOverflow has a post about someone having a similar
> problem: http://stackoverflow.com/a/6353956
>
> Hope that helps,
> Sam
>
> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
> > I'm a complete noob. Are there resources to help-me understand the
> problem.
> >
> > On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <tecywiz121@hotmail.com>
> wrote:
> >
> >> You can only turn off as much SSL validation as you control. The server
> >> may also terminate a connection (say, for instance, it requires a client
> >> SSL certificate.)
> >>
> >> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> >>> But are there a way to disable the `SSL Verification`?
> >>>
> >>> I just wanna to ignore all SSL Verification.
> >>>
> >>> Thanks
> >>>
> >>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <ecki@zusammenkunft.net
> >
> >>> wrote:
> >>>
> >>>> The exception you are showing means the server terminated the
> handshake
> >>>> for some reason. Hard to say why. It might require a client cert or
> does
> >>>> not like yout proposed ciphers or ssl protocols.
> >>>>
> >>>>
> >>>>
> >>>> This particular exception seems not related to untrusted certificates,
> >>>> your different approaches are both valid to accept all certs (ad long
> >> as it
> >>>> understands a common cipher and certificate type)
> >>>>
> >>>>
> >>>> Gruss
> >>>> Bernd
> >>>> --
> >>>> http://bernd.eckenfels.net
> >>>>   From Win 10 Mobile
> >>>>
> >>>>
> >>>>
> >>>> *Von: *Robson Roberto Souza Peixoto <robsonpeixoto@gmail.com>
> >>>> *Gesendet: *Freitag, 8. April 2016 22:16
> >>>> *An: *httpclient-users@hc.apache.org
> >>>> *Betreff: *Trust all certificates
> >>>>
> >>>>
> >>>>
> >>>> Hi guys,
> >>>>
> >>>>
> >>>>
> >>>> I'm using the HC to crawler a lot of sites =D. It's working like a
> >> charm. I
> >>>> really in love with HC.
> >>>>
> >>>>
> >>>>
> >>>> But I'm getting the error `javax.net.ssl.SSLHandshakeException:
> Received
> >>>>
> >>>> fatal alert: handshake_failure` when I try to access a page with a
> >> invalid
> >>>> Certificate.
> >>>>
> >>>>
> >>>>
> >>>> I googled a lot and tried all solutions, but no one worked.
> >>>>
> >>>> Here a gist with my last try:
> >>>>
> >>>>
> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
> >>>>
> >>>>
> >>>>
> >>>> Are there a easy solution to trust all certificates of all hosts with
> >> HC?
> >>>>
> >>>>
> >>>> Thanks
> >>>>
> >>>> --
> >>>>
> >>>> Robson Roberto Souza Peixoto
> >>>>
> >>>> Robinho
> >>>>
> >>>> Master in Computer Science, University of Campinas
> >>>>
> >>>> IRC: robsonpeixoto
> >>>>
> >>>> Twitter: http://twitter.com/robinhopeixoto
> >>>>
> >>>> github: https://github.com/robsonpeixoto
> >>>>
> >>>>
> >>>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>
> >> --
> > Robson Roberto Souza Peixoto
> > Robinho
> > Master in Computer Science, University of Campinas
> > IRC: robsonpeixoto
> > Twitter: http://twitter.com/robinhopeixoto
> > github: https://github.com/robsonpeixoto
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
> --
Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto

--001a113b15025e83320530019208--