[
https://issues.apache.org/jira/browse/HTTPCLIENT-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13034701#comment-13034701
]
Anton Khitrenovich commented on HTTPCLIENT-1091:
------------------------------------------------
@Oleg:
1) Can you please explain what do you mean by "can potentially be Java runtime
specific"? I feel that I do not fully understand the difference between relying
on HttpsURLConnection#getDefaultSSLSocketFactory() or on SSLContext...
2) Do you mean that SSLContext ignores keystore-related system properties? It
sounds like Sun's JRE bug... I tried to check SDN bug database, and there is
nothing related there. Also, it works the same way in both Java 5 and Java 6.
Maybe this is by design? Any chance that the strange behavior is related to the
way that HttpClient uses SSLContext?
Thanks!
> Regression: 2 way authentication with SSL doesn't work in versions 4.1.x,
> used to work with 4.0.x
> -------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1091
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1091
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.1.1
> Reporter: Yuri Manusov
> Attachments: ClientConnectionTest.java, clientKeyStore.p12,
> clientTrustStore.jks, openSSLCertsCreation.bat, server.xml, serverKeyStore.jks
>
>
> Tried to create an SSL tunnel with two way authentication, was able to do
> that with versions 4.0.1 and 4.0.3, but in versions 4.1 and 4.1.1 I get the
> exception:
> Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not
> authenticated
> at
> com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
> at
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
> at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
> at
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
> at
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
> at
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
> at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
> at ClientConnectionTest.main(ClientConnectionTest.java:38)
> the creation of the SSL certificates was done using open ssl and java keytool
> (script will be attached in openSSLCertsCreation.bat).
> as a client I've used a simple java client (will attach
> ClientConnectionTest.java)
> as a server Tomcat was used, and configured to allow ssl communication with 2
> way authentication (clientAuth="true").
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
