olegk wrote:
>
> Try running your code with the SSL debug enabled to get more details
> about the trust material sent by the server during the SSL handshake.
>
> Oleg
>
Below is the debug output of the handshake from the 4.0.1 (which succeeds)
and the 4.1 (that fails). If you need more, please let me know. I really
appreciate any help.
4.0.1 Success
DEBUG [2011-03-08 10:11:39] [org.apache.http.impl.conn.SingleClientConnManager] Get connection for route HttpRoute[{s}->https://SCRUBBED:8140]
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1299604300 bytes = { 56, 69, 171, 192, 81, 150, 1,
51, 148, 122, 219, 92, 104, 240, 83, 119, 239, 134, 243, 194, 25, 4, 204,
78, 207, 154, 158, 109 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 79
main, WRITE: TLSv1 Handshake, length = 79
[write] MD5 and SHA1 hashes: len = 107
main, WRITE: SSLv2 client hello message, length = 107
[Raw write]: length = 109
[Raw read]: length = 5
0000: 16 03 01 00 4A ....J
[Raw read]: length = 74
main, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1299604034 bytes = { 87, 177, 175, 164, 14, 105,
244, 198, 59, 179, 27, 235, 22, 207, 174, 1, 221, 225, 116, 26, 26, 39, 3,
195, 201, 235, 211, 135 }
Session ID: {56, 180, 102, 87, 212, 61, 149, 20, 182, 2, 146, 163, 154,
210, 187, 238, 164, 63, 144, 198, 59, 76, 177, 148, 245, 223, 52, 143, 83,
179, 132, 245}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
4.1 Failure
DEBUG [2011-03-08 10:09:33] [org.apache.http.impl.conn.SingleClientConnManager] Get connection for route HttpRoute[{s}->https://SCRUBBED:8140]
DEBUG [2011-03-08 10:09:33] [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to SCRUBBED/IPADDRSCRUBBED:8140
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1299603917 bytes = { 223, 239, 55, 100, 246, 87, 34,
54, 117, 35, 249, 56, 223, 119, 72, 23, 219, 220, 23, 74, 131, 189, 167, 80,
105, 234, 59, 207 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 79
main, WRITE: TLSv1 Handshake, length = 79
[write] MD5 and SHA1 hashes: len = 107
main, WRITE: SSLv2 client hello message, length = 107
[Raw write]: length = 109
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
main, IOException in getSession(): java.net.SocketException: Software caused connection abort: recv failed
main, called close()
main, called closeInternal(true)
DEBUG [2011-03-08 10:09:33] [org.apache.http.impl.conn.DefaultClientConnection] Connection closed
DEBUG [2011-03-08 10:09:33] [org.apache.http.impl.conn.DefaultClientConnection] Connection shut down
DEBUG [2011-03-08 10:09:33] [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@d0a5d9
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:562)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
    at com.hp.arm.intg.deployer.puppet.prototype.AbstractPuppetRestClient.doGet(AbstractPuppetRestClient.java:88)
    at com.hp.arm.intg.deployer.puppet.prototype.PuppetMasterRestClient.getCatalog(PuppetMasterRestClient.java:36)
    at com.hp.arm.intg.deployer.puppet.prototype.PuppetMasterRestClient.main(PuppetMasterRestClient.java:19)
--
View this message in context:
http://old.nabble.com/SSL-Mutual-Authentication-Code-worked-in-4.0.1-but-fails-in-4.1-tp31092864p31099177.html
Sent from the HttpClient-User mailing list archive at Nabble.com.
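
A small triage helper for traces like the two in this message, as an added example that is not part of the original post: it records which handshake messages JSSE logged, the first transport error and any alerts, which separates the reported SSLPeerUnverifiedException from the SocketException logged before it. The function names are hypothetical and the sample inputs are trimmed excerpts of the traces in the message.

```python
import re

STAGE_RE = re.compile(r"^\*\*\* (\w+)", re.M)             # "*** ClientHello, TLSv1"
ERROR_RE = re.compile(r"handling exception: ([\w.$]+)")  # first transport-level error
ALERT_RE = re.compile(r"(SEND|RECV) \S+ ALERT:\s+(\w+), description = (\w+)")
THROWN_RE = re.compile(r'^Exception in thread "[^"]+" ([\w.$]+)', re.M)

def triage(trace):
    """Summarise one javax.net.debug trace (hypothetical helper)."""
    stages = STAGE_RE.findall(trace)
    error = ERROR_RE.search(trace)
    thrown = THROWN_RE.search(trace)
    return {
        "stages": stages,
        "server_answered": "ServerHello" in stages,
        "first_error": error.group(1) if error else None,
        "alerts": [(d.lower(), lvl, desc) for d, lvl, desc in ALERT_RE.findall(trace)],
        "thrown": thrown.group(1) if thrown else None,
    }

def verdict(s):
    """One-line reading of a triage() summary."""
    if s["first_error"] and not s["server_answered"]:
        msg = "connection failed after ClientHello, before any ServerHello: " + s["first_error"]
        if s["thrown"] and s["thrown"] != s["first_error"]:
            msg += " (reported to the caller as " + s["thrown"] + ")"
        return msg
    if s["server_answered"] and not s["first_error"]:
        return "server answered with ServerHello"
    return "inconclusive"

# Trimmed excerpts of the two traces in this message (hex dumps omitted).
TRACE_401 = """\
*** ClientHello, TLSv1
***
main, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
"""
TRACE_41 = """\
*** ClientHello, TLSv1
***
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, IOException in getSession(): java.net.SocketException: Software caused connection abort: recv failed
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
"""
if __name__ == "__main__":
    for name, trace in (("4.0.1", TRACE_401), ("4.1", TRACE_41)):
        print(name, "->", verdict(triage(trace)))
```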