Hi Oleg,

Thanks for your response. I was using a relative path. I got the following exception thrown with debug turned on. It's throwing the exception on the session.getPeerCertificates() line, and the same exception if I use the getCertificateChain() method. Is there anything that I am missing here?

**********************************************************************************************************
enter GetMethod(String) at [2008-12-08 11:07:04,893] (org.apache.commons.httpclient.methods.GetMethod)
Set parameter http.protocol.cookie-policy = rfc2109 at [2008-12-08 11:07:04,896] (org.apache.commons.httpclient.params.DefaultHttpParams)
Set parameter http.method.retry-handler = [EMAIL PROTECTED] at [2008-12-08 11:07:04,896] (org.apache.commons.httpclient.params.DefaultHttpParams)
enter HttpClient.executeMethod(HttpMethod) at [2008-12-08 11:07:04,897] (org.apache.commons.httpclient.HttpClient)
enter HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState) at [2008-12-08 11:07:04,898] (org.apache.commons.httpclient.HttpClient)
Attempt number 1 to process request at [2008-12-08 11:07:04,970] (org.apache.commons.httpclient.HttpMethodDirector)
enter HttpConnection.open() at [2008-12-08 11:07:04,970] (org.apache.commons.httpclient.HttpConnection)
Open connection to 171.69.71.167:8443 at [2008-12-08 11:07:04,971] (org.apache.commons.httpclient.HttpConnection)
enter HttpConnection.closeSockedAndStreams() at [2008-12-08 11:07:06,095] (org.apache.commons.httpclient.HttpConnection)
Closing the connection. at [2008-12-08 11:07:06,096] (org.apache.commons.httpclient.HttpMethodDirector)
enter HttpConnection.close() at [2008-12-08 11:07:06,097] (org.apache.commons.httpclient.HttpConnection)
enter HttpConnection.closeSockedAndStreams() at [2008-12-08 11:07:06,097] (org.apache.commons.httpclient.HttpConnection)
I/O exception (javax.net.ssl.SSLPeerUnverifiedException) caught when processing request: peer not verified at [2008-12-08 11:07:06,099] (org.apache.commons.httpclient.HttpMethodDirector)
peer not verified at [2008-12-08 11:07:06,106] (org.apache.commons.httpclient.HttpMethodDirector)
javax.net.ssl.SSLPeerUnverifiedException: peer not verified
gnu.javax.net.ssl.provider.Session.getPeerCertificates (Unknown Source)
com.cisco.embedded.server.connection.http.StrictSSLProtocolSocketFactory.verifyHostname (Unknown Source)
com.cisco.embedded.server.connection.http.StrictSSLProtocolSocketFactory.createSocket (Unknown Source)
org.apache.commons.httpclient.HttpConnection.open (Unknown Source)
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry (Unknown Source)
org.apache.commons.httpclient.HttpMethodDirector.executeMethod (Unknown Source)
org.apache.commons.httpclient.HttpClient.executeMethod (Unknown Source)
org.apache.commons.httpclient.HttpClient.executeMethod (Unknown Source)
com.cisco.embedded.server.connection.http.HttpsConnection.doGet (Unknown Source)
**********************************************************************************************************

thanks,
Partha

-----Original Message-----
From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 07, 2008 7:32 AM
To: HttpComponents Project
Subject: Re: Certificate Validation

Partha Venkatavaradhan (pavenkat) wrote:
> Is it mandatory that I call Protocol.registerProtocol().

No, it is not.

> Because I have the following lines in my code:
> Protocol https = new Protocol("https", new StrictSSLProtocolSocketFactory(), port);
> //Protocol.registerProtocol("https", https);
> client.getHostConfiguration().setHost(url.getHost(), url.getPort(), https);
>
> The above code on Windows doesn't perform the hostname verification. Only
> if I uncomment the call to registerProtocol, the hostname verification is
> called. But on my target Linux (IBM JRE), this call to registerProtocol
> results in a 'Peer not verified' exception.
>

When using a custom HostConfiguration make sure to use relative request URIs

Oleg

> Thanks in advance,
> Partha
>
> -----Original Message-----
> From: Partha Venkatavaradhan (pavenkat)
> Sent: Wednesday, November 26, 2008 12:02 PM
> To: HttpComponents Project
> Subject: RE: Certificate Validation
>
> Hi,
>
> Looks like after I included the StrictSSLProtocolSocketFactory, now even a
> valid certificate like Thawte is declared as 'Peer not verified'. This
> however works on a Windows machine. I am testing it on a Java ME edition and
> there it fails. Any clues?
>
> Thanks,
> Partha
>
>
> -----Original Message-----
> From: Ortwin Glück [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 18, 2008 1:34 AM
> To: HttpComponents Project
> Subject: Re: Certificate Validation
>
> Hi Partha,
>
> Please have a look at
> http://hc.apache.org/httpclient-3.x/sslguide.html
> and especially the
> StrictSSLProtocolSocketFactory which is referenced there.
>
> Cheers,
>
> Ortwin
>
> Partha Venkatavaradhan (pavenkat) wrote:
>> Hi,
>>
>> I am running a tomcat server that has a valid certificate from Thawte.
>> In my HTTP client code I am letting the library handle the SSL
>> validation and I am not using any custom trust validation. Now,
>> everything works fine but the problem is precisely this. It works fine
>> even if I specify the IP address of the server in the URL. Since
>> the certificate is signed against my server's domain name, if I access
>> the URL with IP address I expect the library to throw an exception as the
>> domain names don't match. This is precisely what happens when I try
>> to access the server from a browser by typing the server's IP address
>> instead of the domain name. I get a warning message stating that the
>> domain name and the URL that I entered don't match.
>>
>> Is there any way I can let the library explicitly validate the domain name
>> and throw me an exception in case it detects a mismatch?
>>
>> Thanks,
>>
>> Partha
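
Added example, not part of the original thread and not the code of HttpClient's StrictSSLProtocolSocketFactory: a hostname check of the kind discussed above, which completes the handshake before reading the peer certificates and then matches the requested host against the certificate's subjectAltName entries. The class and method names are hypothetical, the check assumes subjectAltName only (no CN fallback) and IPv4 literals only, and the SAN list in main is constructed.

```java
import java.io.IOException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

public class HostnameCheck {
    private static final int SAN_DNS = 2, SAN_IP = 7; // GeneralName tags (RFC 5280)

    // True if host matches a subjectAltName entry. An IP literal is compared
    // only with iPAddress entries, a name only with dNSName entries.
    static boolean matches(String host, Collection<List<?>> sans) {
        if (sans == null) return false; // certificate has no subjectAltName
        boolean ipv4 = host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            if (type != SAN_DNS && type != SAN_IP) continue; // other types are not Strings
            String value = (String) san.get(1);
            if (ipv4 ? type == SAN_IP && value.equals(host)
                     : type == SAN_DNS && dnsMatch(host, value)) return true;
        }
        return false;
    }

    // Exact match, or "*.example.com" covering exactly one left-most label.
    static boolean dnsMatch(String host, String pattern) {
        host = host.toLowerCase(Locale.ROOT);
        pattern = pattern.toLowerCase(Locale.ROOT);
        if (!pattern.startsWith("*.")) return host.equals(pattern);
        int dot = host.indexOf('.');
        return dot > 0 && host.substring(dot).equals(pattern.substring(1));
    }

    // Run the handshake first so its errors are thrown here, then check the leaf.
    static void verify(SSLSocket socket, String host) throws IOException {
        socket.startHandshake();
        X509Certificate leaf =
            (X509Certificate) socket.getSession().getPeerCertificates()[0];
        try {
            if (!matches(host, leaf.getSubjectAlternativeNames()))
                throw new SSLPeerUnverifiedException("certificate does not name " + host);
        } catch (CertificateParsingException e) {
            throw new SSLPeerUnverifiedException("unreadable subjectAltName: " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        // Constructed SAN list: one dNSName entry, no iPAddress entry.
        Collection<List<?>> sans = new ArrayList<>();
        sans.add(Arrays.asList(SAN_DNS, "www.example.com"));
        System.out.println("by name: " + matches("www.example.com", sans));
        System.out.println("by IP:   " + matches("192.0.2.10", sans));
    }
}
```

With a certificate that carries only a domain name, a request made by IP address fails this check, which is the behaviour asked for in the first message of the thread.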
