[
https://issues.apache.org/jira/browse/HTTPASYNC-111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPASYNC-111.
-----------------------------------------
Resolution: Information Provided
> SSL issue using SSLIOSessionStrategy and PoolingNHttpClientConnectionManager
> ----------------------------------------------------------------------------
>
> Key: HTTPASYNC-111
> URL: https://issues.apache.org/jira/browse/HTTPASYNC-111
> Project: HttpComponents HttpAsyncClient
> Issue Type: Bug
> Affects Versions: 4.1.1
> Reporter: sudhish
>
> I am new to this so please pardon (and also educate me) if I am doing this
> wrong on this board.
> I am running on WebSphere application server (v 8.5.1) and Java 1.6
> I found an issue using the async client.. My code looks like this.
> Registry<SchemeIOSessionStrategy> sessionStrategyRegistry =
> RegistryBuilder.<SchemeIOSessionStrategy>create()
> .register("http", NoopIOSessionStrategy.INSTANCE)
> .register("https",
> SSLIOSessionStrategy.getSystemDefaultStrategy())
> .build();
> IOReactorConfig ioReactorConfig =
> IOReactorConfig.custom()
>
> .setIoThreadCount(Runtime.getRuntime().availableProcessors())
> .setConnectTimeout(30000)
> .setSoTimeout(30000)
> .build();
>
> ConnectingIOReactor ioReactor = new
> DefaultConnectingIOReactor(ioReactorConfig);
>
> PoolingNHttpClientConnectionManager connManager = new
> PoolingNHttpClientConnectionManager(
> ioReactor, sessionStrategyRegistry);
> connManager.setDefaultMaxPerRoute(2);
> connManager.setMaxTotal(20);
>
>
>
> closeableHttpAsyncClient = HttpAsyncClientBuilder.create()
>
> .setDefaultRequestConfig(RequestConfig.custom()
>
> .setConnectionRequestTimeout(30000)
>
> .setConnectTimeout(30000)
> .setSocketTimeout(60000)
>
> .setCookieSpec(CookieSpecs.IGNORE_COOKIES)
> .build())
> .setConnectionManager(connManager)
>
> .build();
> When I execute
> Future<HttpResponse> future = closeableHttpAsyncClient.execute(request1,
> null);
> It fails with a
> aused by:
> java.security.cert.CertPathValidatorException: The certificate issued by
> CN=Principal Root CA G2 is not trusted; internal cause is:
> java.security.cert.CertPathValidatorException: Certificate chaining
> error
> at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
> at
> com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176)
> at
> com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:737)
> at
> com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:649)
> at
> com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:595)
> at
> com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:356)
> ... 25 more
> Caused by:
> java.security.cert.CertPathValidatorException: Certificate chaining error
> at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:316)
> at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
> ... 30 more
> My certs are ok.
> Without using Asycn client. When I run using non-async client. It works
> (working code below). Since I am in WebSphere and it makes it own
> configurations for SSL. I was forced to use
> SSLConnectionSocketFactory.getSystemSocketFactory() <-- Without this, I get
> the same error as above.
> CloseableHttpClient client = HttpClients.custom()
>
> .setSSLSocketFactory(SSLConnectionSocketFactory.getSystemSocketFactory()) //
> this line is key!
> .build();
> final HttpGet request1 = new HttpGet(Url);
> CloseableHttpResponse resp = client.execute(request1);
> I went through all your examples and under the assumption that
> SSLCOntext.createSystemDefault() should exhibit the same behaviour as
> SSLConnectionSocketFactory.getSystemSocketFactory() ?..
> It appears its not? Am I missing something?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
