[
https://issues.apache.org/jira/browse/HTTPCLIENT-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13113951#comment-13113951
]
Oleg Kalnichevski commented on HTTPCLIENT-1091:
-----------------------------------------------
David
Per default HttpClient 4.x does not take system properties into consideration
as access to system properties may be restricted in managed environments.
Therefore one is advised to explicitly set up SSL context using whatever
initialization logic deemed appropriate for a particular application. As of
next feature release (4.2) HttpClient will provide a factory method to create
DefaultHttpClient instances pre-configured based on system properties (see
HTTPCLIENT-1128).
Oleg
> Regression: 2 way authentication with SSL doesn't work in versions 4.1.x,
> used to work with 4.0.x
> -------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1091
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1091
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.1.1
> Reporter: Yuri Manusov
> Attachments: ClientConnectionTest.java, clientKeyStore.p12,
> clientTrustStore.jks, openSSLCertsCreation.bat, server.xml, serverKeyStore.jks
>
>
> Tried to create an SSL tunnel with two way authentication, was able to do
> that with versions 4.0.1 and 4.0.3, but in versions 4.1 and 4.1.1 I get the
> exception:
> Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not
> authenticated
> at
> com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
> at
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
> at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
> at
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
> at
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
> at
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
> at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
> at ClientConnectionTest.main(ClientConnectionTest.java:38)
> the creation of the SSL certificates was done using open ssl and java keytool
> (script will be attached in openSSLCertsCreation.bat).
> as a client I've used a simple java client (will attach
> ClientConnectionTest.java)
> as a server Tomcat was used, and configured to allow ssl communication with 2
> way authentication (clientAuth="true").
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
