Hi Oleg,

the https access via a proxy does work now! You were right, my proxy intercepted the ssl traffic and used an untrusted certificate.

Many thanks for your patient help!

Cheers,
--Stefan

On 01.12.2009 21:37, Oleg Kalnichevski wrote:
> Stefan Wachter wrote:
>> Hi Oleg,
>>
>> I am sorry for bothering you. I think I understand now. In order to have
>> an https connection to a target host via a proxy the proxy is accessed
>> by http marking the route as being secure, tunneled, and layered. Thank
>> you for making this clear to me.
>>
>> This leaves me with the SSLPeerUnverifiedException. I switched on SSL
>> debugging by setting "-Djavax.net.debug=all". From the log it seems that
>> the problem is caused by the certificate that the proxy server uses. In
>> a former post you asked if the CONNECT succeeds. As far as I can
>> interpret the log it seems that the CONNECT fails.
>
> Post the log
>
>> The target host I
>> want to reach (https://www.gmx.net) does not appear in the log at all.
>>
>> I do not understand why the certificate of the proxy does matter. After
>> all the connection to the proxy should be done by http.
>>
>
> It is very likely that the proxy inserts itself as a man-in-the-middle
> by intercepting and rewriting SSL packets.
>
>
>> (BTW: If I use the proxy by a browser I can access the target host
>> https://www.gmx.net.)
>>
>> Please give me some more insight!
>>
>> Cheers,
>> --Stefan
>>
>> *** Certificate chain
>> chain [0] = [
>> [
>> Version: V3
>> Subject: [email protected],
>> CN=WebScarab, OU=WebScarab, O=Open Web Application Security Project,
>> L=Johannesburg, ST=Gauteng, C=ZA
>> Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
>>
>
> Is this certificate trusted? I am pretty sure it is not trusted by JRE
> per default.
>
>
>> Key: Sun RSA public key, 1024 bits
>> modulus:
>> 154623964938145369797219612839395417706134608433089443549809415871369366723673817041648156759869165956480706191296755342245066633311162904277499876116164772710364652941103434840470861083851860427495958630646686012271912459851197852364216947956958537100938424770176632556183958666972394630932757389391348203517
>>
>> public exponent: 65537
>> Validity: [From: Thu Apr 01 14:45:59 CEST 2004,
>> To: Sun Mar 30 14:45:59 CEST 2014]
>> Issuer: [email protected],
>> CN=WebScarab, OU=WebScarab, O=Open Web Application Security Project,
>> L=Johannesburg, ST=Gauteng, C=ZA
>> SerialNumber: [ 00]
>>
>> Certificate Extensions: 3
>> [1]: ObjectId: 2.5.29.14 Criticality=false
>> SubjectKeyIdentifier [
>> KeyIdentifier [
>> 0000: C5 2E DC 77 1B 2D 4B A5 C9 F7 79 E9 26 38 5C D2
>> ...w.-K...y.&8\.
>> 0010: 3B C5 46 88 ;.F.
>> ]
>> ]
>>
>> [2]: ObjectId: 2.5.29.35 Criticality=false
>> AuthorityKeyIdentifier [
>> KeyIdentifier [
>> 0000: C5 2E DC 77 1B 2D 4B A5 C9 F7 79 E9 26 38 5C D2
>> ...w.-K...y.&8\.
>> 0010: 3B C5 46 88 ;.F.
>> ]
>>
>> [[email protected], CN=WebScarab,
>> OU=WebScarab, O=Open Web Application Security Project, L=Johannesburg,
>> ST=Gauteng, C=ZA]
>> SerialNumber: [ 00]
>> ]
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
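
The check that the replies in this thread point at (could the certificate in the debug dump plausibly belong to the target host?), as an added example that is not part of the original thread: a small Python triage script over `-Djavax.net.debug=all` certificate-chain output. The function names and both sample dumps are constructed for illustration (the first is abridged from the WebScarab entry quoted above, the second is invented), and the parser assumes each `Subject:`/`Issuer:` DN sits on one line.

```python
import re
# Constructed, abridged samples in the layout of a -Djavax.net.debug=all dump.
# INTERCEPTED mirrors the WebScarab entry quoted in the thread; DIRECT is invented.
INTERCEPTED = """\
*** Certificate chain
chain [0] = [
[
  Subject: CN=WebScarab, OU=WebScarab, O=Open Web Application Security Project, C=ZA
  Issuer: CN=WebScarab, OU=WebScarab, O=Open Web Application Security Project, C=ZA
]
"""
DIRECT = """\
*** Certificate chain
chain [0] = [
[
  Subject: CN=www.gmx.net, O=Example Org, C=DE
  Issuer: CN=Example Issuing CA, O=Example CA, C=DE
]
chain [1] = [
[
  Subject: CN=Example Issuing CA, O=Example CA, C=DE
  Issuer: CN=Example Root CA, O=Example CA, C=DE
]
"""

def parse_chain(log):
    """Return (subject_dn, issuer_dn) for each 'chain [n]' entry, leaf first."""
    certs = []
    for block in re.split(r"^chain \[\d+\] = \[", log, flags=re.M)[1:]:
        subject = re.search(r"^\s*Subject:\s*(.+)$", block, re.M)
        issuer = re.search(r"^\s*Issuer:\s*(.+)$", block, re.M)
        if subject and issuer:
            certs.append((subject.group(1).strip(), issuer.group(1).strip()))
    return certs

def interception_signs(log, expected_host):
    """List reasons the leaf certificate cannot belong to expected_host."""
    certs = parse_chain(log)
    if not certs:
        return ["no certificate chain in log"]
    subject, issuer = certs[0]
    # A server certificate issued by itself did not come from a public CA.
    signs = ["leaf is self-signed: " + subject] if subject == issuer else []
    m = re.search(r"(?:^|,\s*)CN=([^,]+)", subject)
    cn = m.group(1).strip() if m else ""
    # Allow a wildcard in the CN to stand for exactly one DNS label.
    pattern = re.escape(cn.lower()).replace(r"\*", "[^.]+")
    if not cn or not re.fullmatch(pattern, expected_host.lower()):
        signs.append("leaf CN %r does not match %s" % (cn, expected_host))
    return signs
```

The CN comparison is only a triage heuristic; real hostname verification checks the certificate's subjectAltName entries, which this part of the dump does not show.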
