[ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13631685#comment-13631685
 ] 

Juraj Martinka commented on HTTPCLIENT-1339:
--------------------------------------------

Hi, Oleg,

thank you very much for the investigation.
However, I'm still  not able to find the root cause of aforementioned error.
I tried to enable ssl debug via "-Djavax.net.debug=all" but didn't find 
anything useful in output, nor the "Remote host closed connection during 
handshake " you have mentioned.
In my case there is another error:

---
0040: 00 2F C0 04 C0 0E 00 33 
00A0 0 ......0 09 C0 13   10 00 11 00 02 00 12   00 04 00 05 00 14 00 
0pool-1-thread-262, handling exception: java.net.SocketException: Connection 
reset
7  pool-1-thread-262, SEND TLSv1 ALERT:  fatal, description = unexpected_message
: pool-1-thread-262, WRITE: TLSv1 Alert, length = 2
 00 0060pool-1-thread-262, Exception sending alert: java.net.SocketException: 
Broken pipe
00 0pool-1-thread-262, called closeSocket()
pool-1-thread-142, WRITE: TLSv1 Handshake, length = 163
0C: Cpool-1-thread-262, IOException in getSession():  java.net.SocketException: 
Connection reset
00 16  8:  pool-1-thread-262, called close()
 00pool-1-thread-262, called closeInternal(true)
  0D32. EF 7B 47 .pool-1-thread-262, called close()
----

I'm still wondering why there is no such issue with older HttpClient 3.x.
Do you have any further suggestions?


                
> SSLPeerUnverifiedException occurs randomly when calling resource via HTTPS
> --------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1339
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1339
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>    Affects Versions: 4.2.3
>            Reporter: Juraj Martinka
>            Priority: Critical
>
> HttpClient (tested against 4.1 version and 4.2.3) suffers from 
> SSLPeerUnverifiedException.
> It can occur randomly, mainly when calling some secured resource in a 
> concurrent fashion.
> However, each time there is a new HttpClient instance some this might not be 
> related to the threads issues.
> I've created two unit tests - 
> https://gist.github.com/jumarko/34c20054d3d85eaff5a7
> * HttpClientPeerUnverifiedTest - using HttpClient 4.x errors occures in a 
> random fashion -> sometimes zero failures, but more often than not there  is 
> at least one SSLPeerUnverifiedException
> * OldHttpClientPeerUnverifiedTest - using HttpClient 3.1 everything is 
> working OK
> Stacktrace:
> {code}
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
> at 
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
> at 
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
> at 
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
> at 
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
> at 
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:641)
> at 
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
> at 
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
> at 
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:1066)
> at 
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:1044)
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to