Stefan Wachter wrote:
Hi Oleg,
I am sorry for bothering you. I think I understand now. In order to have
an https connection to a target host via a proxy the proxy is accessed
by http marking the route as being secure, tunneled, and layered. Thank
your for making this clear to me.
This leaves me with the SSLPeerUnverifiedException. I switched on SSL
debugging by setting "-Djavax.net.debug=all". From the log it seems that
the problem is caused by the certificate that the proxy server uses. In
a former post you asked if the CONNECT succeedes. As far as I can
interpret the log it seems that the CONNECT fails.
Post the log
The target host I
want to reach (https://www.gmx.net) does not appear in the log at all.
I do not understand why the certificate of the proxy does matter. After
all the connection to the proxy should be done by http.
It is very likely that the proxy inserts itself as a man-in-the-middle
by intercepting and rewriting SSL packets.
(BTW: If I use the proxy by a browser I can access the target host
https://www.gmx.net.)
Please give me some more insight!
Cheers,
--Stefan
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: [email protected],
CN=WebScarab, OU=WebScarab, O=Open Web Application Security Project,
L=Johannesburg, ST=Gauteng, C=ZA
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Is this certificate trusted? I am pretty sure it is not trusted by JRE
per default.
Key: Sun RSA public key, 1024 bits
modulus:
154623964938145369797219612839395417706134608433089443549809415871369366723673817041648156759869165956480706191296755342245066633311162904277499876116164772710364652941103434840470861083851860427495958630646686012271912459851197852364216947956958537100938424770176632556183958666972394630932757389391348203517
public exponent: 65537
Validity: [From: Thu Apr 01 14:45:59 CEST 2004,
To: Sun Mar 30 14:45:59 CEST 2014]
Issuer: [email protected],
CN=WebScarab, OU=WebScarab, O=Open Web Application Security Project,
L=Johannesburg, ST=Gauteng, C=ZA
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C5 2E DC 77 1B 2D 4B A5 C9 F7 79 E9 26 38 5C D2 ...w.-K...y.&8\.
0010: 3B C5 46 88 ;.F.
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C5 2E DC 77 1B 2D 4B A5 C9 F7 79 E9 26 38 5C D2 ...w.-K...y.&8\.
0010: 3B C5 46 88 ;.F.
]
[[email protected], CN=WebScarab,
OU=WebScarab, O=Open Web Application Security Project, L=Johannesburg,
ST=Gauteng, C=ZA]
SerialNumber: [ 00]
]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
