[
https://issues.apache.org/jira/browse/HTTPCLIENT-1339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13628981#comment-13628981
]
Oleg Kalnichevski commented on HTTPCLIENT-1339:
-----------------------------------------------
(1) Both of your tests make no attempts to consume response content and ensure
proper deallocation of resources and therefore are already suspect.
(2) DO NOT bombard Google servers with requests in a tight loop and expect
everything to be peachy. Google will find out you are doing something silly and
will start blocking your connections.
I will close this issue as invalid unless you manage to provide a better
evidence supporting your claim of a critical issue in HttpClient code.
Oleg
> SSLPeerUnverifiedException occurs randomly when calling resource via HTTPS
> --------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1339
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1339
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 4.2.3
> Reporter: Juraj Martinka
> Priority: Critical
>
> HttpClient (tested against 4.1 version and 4.2.3) suffers from
> SSLPeerUnverifiedException.
> It can occur randomly, mainly when calling some secured resource in a
> concurrent fashion.
> However, each time there is a new HttpClient instance some this might not be
> related to the threads issues.
> I've created two unit tests -
> https://gist.github.com/jumarko/34c20054d3d85eaff5a7
> * HttpClientPeerUnverifiedTest - using HttpClient 4.x errors occures in a
> random fashion -> sometimes zero failures, but more often than not there is
> at least one SSLPeerUnverifiedException
> * OldHttpClientPeerUnverifiedTest - using HttpClient 3.1 everything is
> working OK
> Stacktrace:
> {code}
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
> at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
> at
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
> at
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
> at
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:641)
> at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:1066)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:1044)
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
