[
https://issues.apache.org/jira/browse/HTTPCORE-660?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17271231#comment-17271231
]
Per-Ivar Bakke commented on HTTPCORE-660:
-----------------------------------------
[~olegk] I have no clue. In fact, CXF is actually catching an SSLException and
re-throwing the RuntimeException
[here|https://github.com/apache/cxf/blob/3.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java#L98].
I have found a workaround on my side implementing a custom hostname verifier
(see Kotlin code below) and using that instead of the CXF
DefaultHostnameVerifier. That said, I (and maybe others) would still appreciate
a fix in HttpCore NIO to work with default CXF configuration.
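{code:java}
import javax.net.ssl.HostnameVerifier
import javax.net.ssl.SSLException
import javax.net.ssl.SSLSession
import org.apache.cxf.transport.https.httpclient.DefaultHostnameVerifier

class CustomHostnameVerifier private constructor() : HostnameVerifier {
    companion object {
        val INSTANCE = CustomHostnameVerifier()
    }

    // Delegate to the CXF verifier; only the exception type is changed.
    private val defaultHostnameVerifier = DefaultHostnameVerifier()

    override fun verify(hostname: String?, session: SSLSession?): Boolean {
        return try {
            defaultHostnameVerifier.verify(hostname, session)
        } catch (ex: RuntimeException) {
            // Rethrow as SSLException so the failure is not an unchecked exception.
            throw SSLException("Could not verify host: hostname=$hostname", ex)
        }
    }
}
{code}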
> RuntimeException: HostnameVerifier, socket reset for TTL - Not Handled by
> SSIOSession
> -------------------------------------------------------------------------------------
>
> Key: HTTPCORE-660
> URL: https://issues.apache.org/jira/browse/HTTPCORE-660
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore NIO
> Affects Versions: 4.4.13
> Environment: CXF version 3.4.1
> httpcore-nio version 4.4.13
> httpasyncclient version 4.1.4
> Reporter: Per-Ivar Bakke
> Priority: Major
>
> The below exception should be handled by httpcore to keep the i/o reactor
> going. This issue is partly solved in
> [HTTPCORE-268|https://issues.apache.org/jira/browse/HTTPCORE-268], but
> unfortunately the call in line [371 in
> SSIOSession|https://github.com/apache/httpcomponents-core/blob/4.4.x/httpcore-nio/src/main/java/org/apache/http/nio/reactor/ssl/SSLIOSession.java#L371]
> is not wrapped causing a RuntimeException (thrown by CXF) to reach the
> IOReactor. The issue occurs if a request is made towards a server having a
> certificate with non-matching host (for instance
> [https://wrong.host.badssl.com|https://wrong.host.badssl.com/]).
> {quote}
> org.apache.http.nio.reactor.IOReactorException: I/O dispatch worker terminated abnormally
> at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor.execute(AbstractMultiworkerIOReactor.java:359) ~[httpcore-nio-4.4.13.jar:4.4.13]
> at org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager.execute(PoolingNHttpClientConnectionManager.java:221) ~[httpasyncclient-4.1.4.jar:4.1.4]
> at org.apache.http.impl.nio.client.CloseableHttpAsyncClientBase$1.run(CloseableHttpAsyncClientBase.java:64) [httpasyncclient-4.1.4.jar:4.1.4]
> at java.lang.Thread.run(Thread.java:834) [?:?]
> Caused by: java.lang.RuntimeException: HostnameVerifier, socket reset for TTL
> at org.apache.cxf.transport.https.httpclient.DefaultHostnameVerifier.verify(DefaultHostnameVerifier.java:98) ~[cxf-rt-transports-http-3.4.1.jar:3.4.1]
> at org.apache.cxf.transport.http.asyncclient.AsyncHTTPConduit$AsyncWrappedOutputStream$5.verifySession(AsyncHTTPConduit.java:557) ~[cxf-rt-transports-http-hc-3.4.1.jar:3.4.1]
> at org.apache.http.nio.conn.ssl.SSLIOSessionStrategy$1.verify(SSLIOSessionStrategy.java:188) ~[httpasyncclient-4.1.4.jar:4.1.4]
> at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:371) ~[httpcore-nio-4.4.13.jar:4.4.13]
> at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:537) ~[httpcore-nio-4.4.13.jar:4.4.13]
> at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120) ~[httpcore-nio-4.4.13.jar:4.4.13]
> {quote}
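The failure mode described in the issue, as an added example that is not code from HttpCore, CXF or the reporter: a hostname verifier that throws an unchecked exception takes down a worker shared by several sessions, while wrapping the call turns the same failure into a per-session SSLException that still rejects the connection. The class `ReactorVerifierDemo`, its methods, the host names and the single-loop worker are constructed for illustration and only model the reactor's behaviour.

```java
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import java.util.ArrayList;
import java.util.List;

public class ReactorVerifierDemo {
    interface Handshake { void run(String host) throws SSLException; }
    // Constructed stand-in for a verifier that reports a mismatch by throwing unchecked.
    static final HostnameVerifier VERIFIER = (host, session) -> {
        if (host.startsWith("wrong.")) throw new RuntimeException("HostnameVerifier, socket reset for TTL");
        return true;
    };
    // Unguarded call: only a false return is turned into an SSLException.
    static void handshakeUnguarded(String host) throws SSLException {
        if (!VERIFIER.verify(host, null)) throw new SSLException("Hostname mismatch: " + host);
    }
    // Guarded call: an unchecked failure also becomes an SSLException, so the
    // session fails closed and nothing unchecked reaches the worker loop.
    static void handshakeGuarded(String host) throws SSLException {
        try {
            handshakeUnguarded(host);
        } catch (RuntimeException ex) {
            throw new SSLException("Could not verify host: " + host, ex);
        }
    }
    // Simplified worker (an assumption, not the real IOReactor): one thread serves every session in turn.
    static List<String> dispatch(List<String> hosts, Handshake hs) {
        List<String> log = new ArrayList<>();
        try {
            for (String host : hosts) {
                try {
                    hs.run(host);
                    log.add(host + ": established");
                } catch (SSLException ex) {
                    log.add(host + ": closed, " + ex.getMessage());
                }
            }
        } catch (RuntimeException ex) {
            log.add("worker terminated abnormally: " + ex.getMessage());
        }
        return log;
    }

    public static void main(String[] args) {
        List<String> hosts = List.of("ok-1.example", "wrong.host.example", "ok-2.example");
        dispatch(hosts, ReactorVerifierDemo::handshakeUnguarded).forEach(System.out::println);
        dispatch(hosts, ReactorVerifierDemo::handshakeGuarded).forEach(System.out::println);
    }
}
```

In the unguarded run the third host is never served because the worker stops at the second; in the guarded run only the mismatching session is closed.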