[jira] [Resolved] (HTTPCLIENT-1320) SSLSocketFactory.createSystemSSLContext causes java.security.UnrecoverableKeyException: Password verification failed

Sat, 09 Feb 2013 10:37:13 -0800 

     [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleg Kalnichevski resolved HTTPCLIENT-1320.
-------------------------------------------

       Resolution: Fixed
    Fix Version/s: 4.3 Alpha2
                   4.2.4

Committed to SVN trunk and 4.2.x. Many thanks, Abe, for contributing the fix.

Oleg
                
> SSLSocketFactory.createSystemSSLContext causes 
> java.security.UnrecoverableKeyException: Password verification failed
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1320
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1320
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.2, 4.2.3, 4.2.4, 4.3 Alpha1, 4.3 Alpha2, 4.3 Final
>         Environment: Java System Property javax.net.ssl.trustStore is set, 
> but javax.net.ssl.trustStorePassword is not.
>            Reporter: Abe Backus
>             Fix For: 4.2.4, 4.3 Alpha2
>
>         Attachments: HTTPCLIENT_1320.java, HTTPCLIENT-1320.patch
>
>
> When the Java System property "javax.net.ssl.trustStore" is specified, but 
> "javax.net.ssl.trustStorePassword" is not, requests are encountering the 
> exception listed below. This is reproducible in version 4.2.1 and looking at 
> the relevant code, it should also be reproducible in all other versions as 
> well.
> This appears to be fixed if the password value for loading the keystore falls 
> back to *null* instead of the empty string. I'm not sure if this problem also 
> exists with the "javax.net.ssl.keyStore" logic as well, but I suspect it does.
> The workaround is to set the "javax.net.ssl.trustStorePassword" 
> appropriately, assuming that you know the correct value.
> Caused by: java.io.IOException: Keystore was tampered with, or password was 
> incorrect
>       at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
>       at 
> sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
>       at java.security.KeyStore.load(KeyStore.java:1185)
>       at 
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
>       at 
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
>       ... 37 more
> Caused by: java.security.UnrecoverableKeyException: Password verification 
> failed
>       at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
>       ... 41 more

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to