On Sun, 2011-05-22 at 13:09 -0700, am am wrote:
> Hi,
>
> I am using apache httpclient and I configure the ssl context to use my
> keystore and truststore.
> The https server I am using is IIS7 and is configured to require client
> authentication. I think I have set everything up properly from IIS part.
> Anyway, if I configure the httpClient's ssl context with a keystore (i.e. with
> client certificates) valid for IIS then there is no problem connecting.
>
> Now my problem is the following:
> If I do NOT configure the ssl context with any client certificate to send to
> IIS, there is no connection with the server.
>
> What makes me worry though, is the fact that I was expecting to see some java
> exception in the code as a result of a handshake failure alert. This exception
> never occurred.
> Monitoring what is happening with wireshark, and using the private key to
> decrypt the traces I saw a certificate request coming from IIS.
>
> The strange thing is that the httpclient replied with a Certificate message of
> length 0 instead of a NoCertificateAlert.
> I think this is not correct. Per RFC it should be a NoCertificateAlert. Right?
> Then IIS receiving the empty certificate message, does not raise a handshake
> alert either, but both parts stop communicating.
>
> How is this behavior explained? I think that it is a bug from httpclient
> part.
> Shouldn't I see an SSL alert in this context??
>
>
> Thank you

HttpClient does not have any special SSL logic beyond a few utility constructors for SSLSocketFactory that simplify SSLContext initialization. It merely leverages SSL capabilities provided by JRE. If there is an SSL protocol problem it must be either a configuration issue or a bug in JSSE implementation.

Oleg
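
An added example, not part of the original thread: a small parser that tells apart the two ways a client can answer a CertificateRequest without a certificate. SSL 3.0 defines a no_certificate alert (description 41), while TLS 1.0 (RFC 2246) and later have the client send a Certificate handshake message whose certificate list is empty. The function names and sample bytes are constructed for illustration, and the input is assumed to be plaintext or already decrypted records with each handshake message contained in a single record.

```python
import struct

HANDSHAKE, ALERT = 22, 21      # TLS record content types
CERTIFICATE = 11               # handshake message type
NO_CERTIFICATE = 41            # SSL 3.0 alert description, reserved from TLS 1.0 on

def records(data):
    """Yield (content_type, fragment) for each record in a plaintext byte stream."""
    off = 0
    while off < len(data):
        if len(data) - off < 5:
            raise ValueError("truncated record header")
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", data, off)
        frag = data[off + 5:off + 5 + length]
        if len(frag) != length:
            raise ValueError("truncated record body")
        yield ctype, frag
        off += 5 + length

def classify_client_reply(data):
    """Report how a client answered CertificateRequest, one finding per message."""
    findings = []
    for ctype, frag in records(data):
        if ctype == ALERT and len(frag) == 2:
            _level, desc = frag
            name = "no_certificate" if desc == NO_CERTIFICATE else str(desc)
            findings.append(f"alert:{name}")
        elif ctype == HANDSHAKE:
            pos = 0
            while pos + 4 <= len(frag):
                mtype = frag[pos]
                mlen = int.from_bytes(frag[pos + 1:pos + 4], "big")
                body = frag[pos + 4:pos + 4 + mlen]
                if len(body) != mlen or (mtype == CERTIFICATE and mlen < 3):
                    raise ValueError("malformed or fragmented handshake message")
                if mtype == CERTIFICATE:
                    # The body starts with a 3-byte length of the certificate list.
                    list_len = int.from_bytes(body[:3], "big")
                    findings.append("certificate:empty" if list_len == 0
                                    else f"certificate:{list_len} bytes")
                pos += 4 + mlen
    return findings

# Constructed samples (not captured traffic).
EMPTY_CERT = bytes.fromhex("1603010007" "0b000003" "000000")
SSL3_ALERT = bytes.fromhex("1503000002" "0129")
ONE_CERT = bytes.fromhex("160301000d" "0b000009" "000006" "000003" "616263")

if __name__ == "__main__":
    for sample in (EMPTY_CERT, SSL3_ALERT, ONE_CERT):
        print(classify_client_reply(sample))
```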
