[ https://issues.apache.org/jira/browse/HTTPCLIENT-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13034814#comment-13034814 ]

Anton Khitrenovich commented on HTTPCLIENT-1091:
------------------------------------------------

> I remember having bizarre issues with the behaviour of this method in IBM 
> JREs.
The actual implementation of SSLContext is also vendor-specific, so there is 
always a possibility of running into vendor-specific bugs with the current 
implementation as well.

> > Any chance that the strange behavior is related to the way that HttpClient 
> > uses SSLContext? 
> I certainly cannot rule that out. Feel free to review the code and let me 
> know if you find any improper use of JSSE API. 
We do not pretend to be JSSE experts and do not really know the HttpClient 
internals. 
If you say that you cannot think of any improper JSSE use, I'm pretty sure we 
will not find one either, but we'll take a look.


> Regression: 2 way authentication with SSL doesn't work in versions 4.1.x, 
> used to work with 4.0.x
> -------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1091
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1091
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.1
>            Reporter: Yuri Manusov
>         Attachments: ClientConnectionTest.java, clientKeyStore.p12, 
> clientTrustStore.jks, openSSLCertsCreation.bat, server.xml, serverKeyStore.jks
>
>
> Tried to create an SSL tunnel with two way authentication, was able to do 
> that with versions 4.0.1 and 4.0.3, but in versions 4.1 and 4.1.1 I get the 
> exception: 
> Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>         at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
>         at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
>         at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
>         at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
>         at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
>         at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
>         at ClientConnectionTest.main(ClientConnectionTest.java:38)
> The creation of the SSL certificates was done using OpenSSL and Java keytool 
> (script will be attached in openSSLCertsCreation.bat).
> As a client I've used a simple Java client (will attach 
> ClientConnectionTest.java).
> As a server Tomcat was used, and configured to allow SSL communication with 2 
> way authentication (clientAuth="true").
