[
https://issues.apache.org/jira/browse/HTTPCLIENT-1339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13631576#comment-13631576
]
Oleg Kalnichevski commented on HTTPCLIENT-1339:
-----------------------------------------------
(1) I have zero tolerance to poor quality bug reports open with critical or
blocker priority. The responsibility of making a very solid case in case of a
claim of a critical bug rests with the reporter.
(2) HttpClient does not implement any custom SSL aspects. It merely makes use
of the standard JSSE services. Any SSL level exceptions in the overwhelming
majority cases have absolutely nothing to do with HttpClient _at all_.
Oleg
> SSLPeerUnverifiedException occurs randomly when calling resource via HTTPS
> --------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1339
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1339
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 4.2.3
> Reporter: Juraj Martinka
> Priority: Critical
>
> HttpClient (tested against 4.1 version and 4.2.3) suffers from
> SSLPeerUnverifiedException.
> It can occur randomly, mainly when calling some secured resource in a
> concurrent fashion.
> However, each time there is a new HttpClient instance some this might not be
> related to the threads issues.
> I've created two unit tests -
> https://gist.github.com/jumarko/34c20054d3d85eaff5a7
> * HttpClientPeerUnverifiedTest - using HttpClient 4.x errors occures in a
> random fashion -> sometimes zero failures, but more often than not there is
> at least one SSLPeerUnverifiedException
> * OldHttpClientPeerUnverifiedTest - using HttpClient 3.1 everything is
> working OK
> Stacktrace:
> {code}
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
> at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
> at
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
> at
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
> at
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:641)
> at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:1066)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:1044)
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
