[
https://issues.apache.org/jira/browse/HTTPCLIENT-718?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski updated HTTPCLIENT-718:
-----------------------------------------
Summary: SSL verification has no effect when creating detached sockets
(was: SSL verification occurs before setSoTimeout, which can lead to hangs)
Apparently we have a bigger problem here. SSL host verification is completely
messed up at the moment. It is not executed at all when creating detached
sockets (which is what HttpClient does per default). SSL host verification
needs to be moved from the socket factory to an upper level (connection
operator or connection manager).
Oleg
> SSL verification has no effect when creating detached sockets
> -------------------------------------------------------------
>
> Key: HTTPCLIENT-718
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-718
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.0 Alpha 2
> Reporter: peter royal
> Fix For: 4.0 Alpha 3
>
>
> partial thread dump:
> at java.net.SocketInputStream.socketRead0(Native Method)
> at java.net.SocketInputStream.read(SocketInputStream.java:129)
> at
> com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
> at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:723)
> - locked <0x00002aaab87d9de0> (a java.lang.Object)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
> - locked <0x00002aaab87d9dc0> (a java.lang.Object)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:1757)
> at
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:87)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:295)
> at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:131)
> at
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:143)
> at
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:120)
> at
> org.apache.http.impl.client.DefaultClientRequestDirector.execute(DefaultClientRequestDirector.java:286)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:452)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:406)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:365)
> ... this is because in DefaultClientConnectionOperator, prepareSocket (which
> sets any configured timeouts) isn't called until after
> SocketFactory.connectSocket. When using SSLSocketFactory, the default
> behavior is to verify the hostname, which opens a connection, and can block
> indefinitely.
> Simple workaround is to use the AllowAllHostnameVerifier which doesn't do any
> verification.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
