[
https://issues.apache.org/jira/browse/HTTPCLIENT-783?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPCLIENT-783.
------------------------------------------
Resolution: Invalid
One _must_ use a relative request URI when providing a custom HostConfiguration
object. Alternatively one could use HostConfigurationWithStickyProtocol from
the contrib package as a workaround.
http://svn.apache.org/repos/asf/httpcomponents/oac.hc3x/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/HostConfigurationWithStickyProtocol.java
Oleg
> PostMethod constructor argument "uri" fails when uri is absolute, and a
> custom protocol is set via getHostConfiguration().setHost()
> -----------------------------------------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-783
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-783
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 3.1 Final
> Environment: Windows XP, Java 1.6
> Reporter: Robert Christian
> Priority: Minor
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> 1. Follow SSL configuration as prescribed in the HTTPClient SSL
> documentation at http://hc.apache.org/httpclient-3.x/sslguide.html.
> 2. Use a PostMethod instead of Get.
> 3. Change the URL to absolute. The JavaDocs say the URI can be absolute or
> relative. Construction with an absolute URI works when there is no custom
> protocol/socket factory.
> See that *only* when there is an absolute path, the default cacerts is used
> instead of the specified trust store. This is because the HTTPClient
> framework will completely bypass the custom protocol factory impl when there
> is an absolute URL. If the server's certificate is not in the cacerts file,
> an exception is thrown:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target.
> Whether this is a bug is sort of a grey area, but it is a source of
> confusion. Would be a good idea to at least note this in the documentation.
> Stack trace:
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
> ... 18 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
> at java.security.cert.CertPathBuilder.build(Unknown Source)
> ... 24 more
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
