HI All,
I found a very dirty workaround but at least it works for me.
I was not aware of the doNotValidateCertificate() API that Fred
mentioned.
I made a very small change (one line of code) to the SDK appengine-
api.jar.
I have decompiled com.google.appengine.api.urlfetch.HTTPRequest and
added the call to doNotValidateCertificate() on the FetchOptions in
the constructor:
public HTTPRequest(URL url, HTTPMethod method, FetchOptions
fetchOptions) {
payload = null;
this.url = url;
this.method = method;
this.fetchOptions = fetchOptions;
this.fetchOptions.doNotValidateCertificate(); \\ADDED BY ME
headers = new LinkedHashMap();
}
Then I repackaged the jar with my change and that solved the issue for
me - No certificate validation by default (Only on Dev server).
This way I don't have to change every piece of code that uses
URLFetchService with https and more important the production env still
makes sure the validation occurs.
Note that this solution will fix only flows where the URLFetchService
is used.
I do hope a better fix is provided by the App Engine team soon.
Thanx, Lior
On Feb 14, 11:22 pm, frew <[email protected]> wrote:
> Hey everybody,
>
> In order to help me diagnose the problems, could you respond with what
> JDK (Platform, JDK manufacturer (e.g. Sun, OpenJDK), and version)
> you're running? As a temporary stopgap, if you're using URLFetch
> service, you can use the doNotValidateCertificate() method in
> FetchOptions (http://code.google.com/appengine/docs/java/javadoc/com/
> google/appengine/api/urlfetch/FetchOptions.html) to disable
> validation.
>
> -Fred
>
> On Feb 13, 5:02 am, harri mauria <[email protected]> wrote:
>
>
>
>
>
>
>
> > I am having similar problems with the recently released version
> > com.google.appengine.eclipse.sdkbundle.1.4.2_1.4.2.v201102111811
> > Problems happen with the development server, not in production. I am
> > performing Facebook login credentials authentication in the callback
> > url. Interrupt stack is below:
>
> > HTTP ERROR 500
> > Problem accessing /loginfacebookcallback. Reason:
>
> > Could not verify SSL certificate
> > for:https://graph.facebook.com/oauth/access_token?omitted
>
> > Caused by:
> > javax.net.ssl.SSLHandshakeException: Could not verify SSL certificate
> > for:https://graph.facebook.com/oauth/access_token?omitted
> > at
> > com.google.appengine.api.urlfetch.URLFetchServiceImpl.convertApplicationExc
> > eption(URLFetchServiceImpl.java:
> > 114)
> > at
> > com.google.appengine.api.urlfetch.URLFetchServiceImpl.fetch(URLFetchService
> > Impl.java:
> > 41)
> > at
> > com.google.apphosting.utils.security.urlfetch.URLFetchServiceStreamHandler
> > $Connection.fetchResponse(URLFetchServiceStreamHandler.java:418)
> > at
> > com.google.apphosting.utils.security.urlfetch.URLFetchServiceStreamHandler
> > $Connection.getInputStream(URLFetchServiceStreamHandler.java:297)
> > atwww.superpass.de.server.UrlFetcher.get(UrlFetcher.java:60)
>
> > Following message is printed to the console:
> > I/O exception (javax.net.ssl.SSLPeerUnverifiedException) caught when
> > processing request: HTTPS hostname invalid: expected
> > 'graph.facebook.com', received '*.facebook.com'
> > Retrying request
>
> > Regards, Harri
>
> > On Feb 13, 11:27 am, Lior Harsat <[email protected]> wrote:
>
> > > I am having a similar problem with https:
>
> > > I have been testing the SDK and I found one bug which seems critical.
> > > When I call the URLFetchService.fetch API with a https URL I get a
> > > javax.net.ssl.SSLHandshakeException.
> > > for example when I fetch "https://spreadsheets.google.com/feeds/
> > > list/...." I get
> > > javax.net.ssl.SSLHandshakeException: Could not verify SSL certificate
> > > for:https://spreadsheets.google.com/feeds/list/...
> > > When I switch back to an older SDK this doesn't happen.
> > > Is there a "Help us test Prerelease SDK 1.4.2" thread I can post this
> > > to?
> > > Can anyone confirm this bug reproduces?
> > > Thanx, Lior
>
> > > On Feb 12, 11:57 am, Peter Liu <[email protected]> wrote:
>
> > > > We are using a custom remote delegate to route datastore rpc call to
> > > > live production test site on appspot. We did this because sometimes we
> > > > want to develop with live data.
>
> > > > However after upgrading to 1.4.2, https outbound call starts failing
> > > > (see below). If we change to http, then it works again.
>
> > > > It seems like some class is marked as restricted in this release. Is
> > > > it intentional? What's the reason behind not allowing outbound https
> > > > call?
>
> > > > Thanks.
>
> > > > java.lang.NoClassDefFoundError: javax.net.ssl.SSLHandshakeException is
> > > > a restricted class. Please see the Google App Engine developer's
> > > > guide for more details.
> > > > at
> > > > com.google.appengine.tools.development.agent.runtime.Runtime.reject(Runtime
> > > > .java:
> > > > 51)
> > > > at
> > > > com.google.appengine.api.urlfetch.URLFetchServiceImpl.convertApplicationExc
> > > > eption(URLFetchServiceImpl.java:
> > > > 114)
> > > > at com.google.appengine.api.urlfetch.URLFetchServiceImpl.access
> > > > $100(URLFetchServiceImpl.java:22)
> > > > at com.google.appengine.api.urlfetch.URLFetchServiceImpl
> > > > $1.convertException(URLFetchServiceImpl.java:86)
> > > > at
> > > > com.google.appengine.api.utils.FutureWrapper.get(FutureWrapper.java:
> > > > 69)
> > > > at
> > > > com.pekca.main.delegate.RemoteDelegate$1.get(RemoteDelegate.java:
> > > > 163)
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
