Marc,
I investigated the problem a little and this is what I have found out:
(1) The problem has nothing to do with HttpClient as such
(2) The culprit is most likely to be the Sun's implementation of SSL (or its default
settings)
(3) IBM JDK (I used Websphere appclient 5.0.1 for my test) does not exhibit the
problem
Below I am attaching the source of my simple test application as well as resultant
console output. I leave it up to you to figure out what particularly the site does not
like about Sun's default SSL settings.
Good luck
Oleg
=============================================================================================
package org.apache.commons.httpclient;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
public class SSLTest
{
public static final String TARGET_HTTPS_SERVER = "mail.webavinet.net";
public static final int TARGET_HTTPS_PORT = 443;
public static void main(String[] args) throws Exception
{
SSLTest test = new SSLTest();
test.doStuff();
}
public void doStuff() throws IOException
{
SSLContext context = null;
try
{
context = SSLContext.getInstance("SSL");
context.init(null, new TrustManager[] { new TestX509TrustManager(null)},
null);
} catch (Exception e)
{
throw new RuntimeException(e.toString());
}
SSLSocketFactory factory = context.getSocketFactory();
Socket socket = factory.createSocket(TARGET_HTTPS_SERVER, TARGET_HTTPS_PORT);
try
{
Writer out = new OutputStreamWriter(socket.getOutputStream(),
"ISO-8859-1");
out.write("GET / HTTP/1.1\r\n");
out.write("Host: " + TARGET_HTTPS_SERVER + ":" + TARGET_HTTPS_PORT +
"\r\n");
out.write("Agent: SSL-TEST\r\n");
out.write("\r\n");
out.flush();
BufferedReader in =
new BufferedReader(new InputStreamReader(socket.getInputStream(),
"ISO-8859-1"));
String line = null;
while ((line = in.readLine()) != null)
{
System.out.println(line);
}
} finally
{
socket.close();
}
}
private class TestX509TrustManager implements X509TrustManager
{
private X509TrustManager standardTrustManager = null;
public TestX509TrustManager(KeyStore keystore)
throws NoSuchAlgorithmException, KeyStoreException
{
super();
TrustManagerFactory factory = TrustManagerFactory.getInstance("IBMX509");
factory.init(keystore);
TrustManager[] trustmanagers = factory.getTrustManagers();
if (trustmanagers.length == 0)
{
throw new NoSuchAlgorithmException("IBMX509 trust manager not
supported");
}
this.standardTrustManager = (X509TrustManager) trustmanagers[0];
}
public void checkClientTrusted(X509Certificate[] certificates, String authType)
throws CertificateException
{
this.standardTrustManager.checkClientTrusted(certificates, authType);
}
public void checkServerTrusted(X509Certificate[] certificates, String authType)
throws CertificateException
{
if (certificates != null)
{
for (int i = 0; i < certificates.length; i++)
{
System.out.println("X509Certificate[" + i + "]=" +
certificates[i]);
}
}
if ((certificates != null) && (certificates.length == 1))
{
X509Certificate certificate = certificates[0];
certificate.checkValidity();
} else
{
this.standardTrustManager.checkServerTrusted(certificates, authType);
}
}
public X509Certificate[] getAcceptedIssuers()
{
return this.standardTrustManager.getAcceptedIssuers();
}
}
}
=============================================================================================
X509Certificate[0]=[
[
Version: V1
Subject: [EMAIL PROTECTED], CN=mail.webavinet.net, OU=IAE (Messaging), O=ARINC,
L=Annapolis, ST=Maryland, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: IBMJCE RSA Public Key:
modulus:
142358868337072176726488772914202353366297496321162172153396699597174462025304745715769551780676554132101345047439500739741302826578445202305488830495735617834443145722322852654248571640150331241423812602415726748191134796041239299243026328529874991346388904410611396670499623361880043736426784731057695356909
public exponent:
65537
Validity: [From: Thu Feb 15 22:41:54 CET 2001,
To: Sun Feb 13 22:41:54 CET 2011]
Issuer: [EMAIL PROTECTED], CN=mail.webavinet.net, OU=IAE (Messaging), O=ARINC,
L=Annapolis, ST=Maryland, C=US
SerialNumber: [ 0 ]
]
Algorithm: [MD5withRSA]
Signature:
0000: 6F 91 1F 64 1F DA 13 75 EC 1C 1B 83 DD C6 C3 77 o..d...u.......w
0010: 00 01 F4 4C A8 49 53 E5 AB B3 A4 12 EA C6 37 C4 ...L.IS.......7.
0020: 45 78 CC EC F1 EE 64 9D 30 78 F4 36 4B 76 8E 94 Ex....d.0x.6Kv..
0030: BF 5C D7 67 5F DD D6 05 AC 59 45 6A F9 61 00 47 .\.g_....YEj.a.G
0040: 29 86 17 24 90 6D 9B 6F 04 48 58 5D 20 EC 01 8A )..$.m.o.HX] ...
0050: EF 67 56 35 45 35 25 F4 39 CF 97 F2 AC 4E F0 D9 .gV5E5%.9....N..
0060: 2D 2F 43 3F D1 69 14 5D E2 56 D3 90 96 59 8D BA -/C?.i.].V...Y..
0070: 88 EF 65 87 32 33 6E 72 D9 66 6C 33 3F 7F A9 70 ..e.23nr.fl3?..p
]
HTTP/1.0 200 OK
Date: Mon, 09 Feb 2004 13:40:38 GMT
Expires: Tue, 01 Jan 1980 1:00:00 GMT
Cache-Control: no-cache
Cache-Control: must-revalidate
Pragma: no-cache
Message-Id: <[EMAIL PROTECTED]>
Content-Length: 1933
Content-type: text/html
Last-Modified: Mon, 09 Feb 2004 13:40:38 GMT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0030)https://www.webavinet.com:444/ -->
<HTML><HEAD><TITLE>AviNet Mail Login</TITLE>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 5.50.4134.600" name=GENERATOR></HEAD>
<BODY text=#000000 vLink=#003366 aLink=#008fff link=#3333FF bgColor=#FFFFFF
background="/html/default/background.gif">
<FORM action=/MBX/ID=3A75A5FD method=post>
<p align="left"><img src="/html/default/mailbox.JPG" width="153" height="171"
alt="ARINC AviNet Mail">
<b><img src="/html/default/webmail3.JPG" width="367" height="166" align="top"
alt="ARINC AviNet Mail"></b></p>
<p align="left"><b><font face="Arial, Helvetica, sans-serif">Username:</font></b>
<font face="Arial, Helvetica, sans-serif">
<input align=middle size=35 name=User cols="35" rows="1">
<br>
<b>Password:</b>
<input type=password size=25 name=Password rows="1">
<input type=submit alt=Login align=bottom value="Log In" name=DoLogin2>
<INPUT type=hidden
value=/MBX/ID=3A75A5FD name=RequestURL>
<INPUT type=hidden name=SaveUser>
<INPUT
type=hidden value=DoItNow name=DoLogin>
<br>
<br>
<b>Please enter your AviNet user ID and password,<br>
then click the Log In button to enter the system.</b></font></p>
<p align="left"> <font size="-1" face="Arial, Helvetica, sans-serif">Visit <a
href="http://www.arinc.com";>ARINC's
Home Page</a>! </font> </p>
</FORM>
<p align="left"> <font face="Arial, Helvetica, sans-serif"><IMG alt=SSL
src="/html/default/ssl-lock.gif"
border=0 width="20" height="22"> Secure mode active.<br>
<HR><CENTER><img src="/ssl-lock.gif" alt="SSL" border=0> Secure mode
active.</CENTER>
<HR>
<CENTER>
Powered by Infinite InterChange (WebMail Interface) v3.61.02 -- © Copyright
1995-2000 by Infinite Technologies
</CENTER>
=============================================================================================
-----Original Message-----
From: Marc Concannon [mailto:[EMAIL PROTECTED]
Sent: Friday, February 06, 2004 20:09
To: [EMAIL PROTECTED]
Subject: SSLHandshakeException: Remote host closed connection during
handshake ????
Hi,
I'm having a few problems connecting to a https server.
I keep getting the following exception being thrown.
the address is: https://mail.webavinet.net/
It uses its own issued certificate so I'm using the easySSLProtocolSocketFactory to
get around
the fact that the cert is not trusted, but the problem is still there.
I'm using the simple sample code for connecting to a socket as supplied by the
commons/httpclient website (with mods for above).
It wouldn't be anything to do with the cert being 1024bit?
Anyone any ideas???
Thanks
Marc Concannon
Failed to download file.
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at
org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1368)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at
org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:799)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2277)
at
org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2657)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1093)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:674)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
at
com.universalred.connectix.TcpConnectionManager.getHttpsConnection(TcpConnectionManager.java:184)
at
com.universalred.connectix.NewRequestManagement.newPositiveFileUpdate(NewRequestManagement.java:34)
at com.universalred.connectix.FileDirectoryMonitor.run(FileDirectoryMonitor.java:76)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
... 16 more
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
