[jira] Created: (HTTPCLIENT-783) PostMethod constructor argument "uri" fails when uri is absolute, and a custom protocol is set via getHostConfiguration().setHost()

[Robert Christian (JIRA)]

PostMethod constructor argument "uri" fails when uri is absolute, and a custom 
protocol is set via getHostConfiguration().setHost()
-----------------------------------------------------------------------------------------------------------------------------------

                 Key: HTTPCLIENT-783
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-783
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 3.1 Final
         Environment: Windows XP, Java 1.6
            Reporter: Robert Christian
            Priority: Minor


1.  Follow SSL configuration as prescribed in the HTTPClient SSL documentation 
at http://hc.apache.org/httpclient-3.x/sslguide.html.

2.  Use a PostMethod instead of Get.

3.  Change the URL to absolute.  The JavaDocs say the URI can be absolute or 
relative.  Construction with an absolute URI works when there is no custom 
protocol/socket factory.

See that *only* when there is an absolute path, the default cacerts is used 
instead of the specified trust store.  This is because the HTTPClient framework 
will completely bypass the custom protocol factory impl when there is an 
absolute URL.  If the server's certificate is not in the cacerts file, an 
exception is thrown:  
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target.

Whether this is a bug is sort of a grey area, but it is a source of confusion.  
Would be a good idea to at least note this in the documentation.

Stack trace:

Caused by: sun.security.validator.ValidatorException: PKIX path building 
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown 
Source)
        at 
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown 
Source)
        at 
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown 
Source)
        ... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable 
to find valid certification path to requested target
        at 
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 24 more



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]