Just thought I'd add a post-script to all of this.  The IBM 1.4.x JVM, when
acting as an SSL client, is quite picky about the certificate chain that the
server presents.  If the server includes some stray certificates in the
chain, IBM will blow up.

But it takes a little while to blow up:

SSLSocket s = (SSLSocket) factory.createSocket( host, port );

// okay, we're still okay

SSLSession session = s.getSession();

// still okay!  No exceptions thrown!   But session is null.  Uh oh.

InputStream in = s.getInputStream();

// Still no exceptions thrown!  Wow, IBM is a survivor.

in.available();

// ! * BOOM * !

javax.net.ssl.SSLHandshakeException: bad certificate
       at com.ibm.jsse.bv.a(Unknown Source)
       at com.ibm.jsse.a.a(Unknown Source)
       at com.ibm.jsse.a.available(Unknown Source)


This has implications for the patch I submitted regarding HTTPCLIENT-613:

http://issues.apache.org/jira/browse/HTTPCLIENT-613

We should call "s.getInputStream().available()" before checking the
hostname.  That way if people are on IBM-1.4.x, it turns the stacktrace into
something they can google for, instead of an NPE or other unhelpful
stacktrace.



--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/
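
An added example, not part of the original post or of HttpClient's code: one way to order the handshake and the hostname check so a bad chain surfaces as an SSLHandshakeException instead of a null-session NPE. It assumes the standard startHandshake() call in place of the post's getInputStream().available(); the class name, connect() and sanMatches() are hypothetical, and the verifier is deliberately minimal.

```java
import java.io.IOException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.*;

public final class HandshakeThenVerify {
    // Forces the handshake first, then runs the hostname check on a session known to be live.
    static SSLSocket connect(SSLSocketFactory factory, String host, int port,
                             HostnameVerifier verifier) throws IOException {
        SSLSocket s = (SSLSocket) factory.createSocket(host, port);
        try {
            // Assumption: startHandshake() stands in for the post's available() call;
            // either way the handshake failure is raised here, before any verification.
            s.startHandshake();
            SSLSession session = s.getSession();
            // The post saw null on IBM 1.4.x; other JSSE providers return an invalid placeholder.
            if (session == null || !session.isValid()) {
                throw new SSLHandshakeException("TLS handshake with " + host + " did not complete");
            }
            if (!verifier.verify(host, session)) {
                throw new SSLPeerUnverifiedException("certificate does not match " + host);
            }
            return s;
        } catch (IOException e) {
            s.close(); // never hand back a socket that failed either check
            throw e;
        }
    }

    // Minimal verifier (assumption): exact dNSName match only, no wildcards or IP addresses.
    static boolean sanMatches(String host, SSLSession session) {
        try {
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
            if (sans == null) return false;
            for (List<?> san : sans) // entry layout: [Integer type, value]; type 2 is dNSName
                if (Integer.valueOf(2).equals(san.get(0)) && host.equalsIgnoreCase((String) san.get(1))) return true;
            return false;
        } catch (SSLPeerUnverifiedException | CertificateParsingException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 2) { System.err.println("usage: HandshakeThenVerify <host> <port>"); return; }
        try (SSLSocket s = connect((SSLSocketFactory) SSLSocketFactory.getDefault(),
                args[0], Integer.parseInt(args[1]), HandshakeThenVerify::sanMatches)) {
            System.out.println("verified peer: " + s.getSession().getPeerPrincipal());
        }
    }
}
```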
