Hi Oleg,
With the exact same setting, the SSL connection (using client cert
authentication) works with httpclient 3.6 but not with 4.1.1.
System info:
java version "1.6.0_23"
Java(TM) SE Runtime Environment (build 1.6.0_23-b05)
Java HotSpot(TM) 64-Bit Server VM (build 19.0-b09, mixed mode)
Attached the entire log. Below are the code and log snippets:
Using httpclient 4.1.1:--------------------------------
Code:
DefaultHttpClient httpclient = new DefaultHttpClient();
Scheme sch = new Scheme("https",
SSLSocketFactory.getSocketFactory(),
443);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);
HttpGet req = new HttpGet(uriPath);
HttpHost target = new HttpHost(host, 443,"https");
HttpResponse rsp = httpclient.execute(target, req);
... no IV used for this cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 17
*** Finished
verify_data: { 91, 80, 101, 35, 121, 76, 219, 71, 238, 142, 6, 213 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Alert, length = 18
main, RECV TLSv1 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal
alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1720)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:755)
at
com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at
org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:149)
at
org.apache.http.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:110)
at
org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:260)
at
org.apache.http.impl.conn.DefaultResponseParser.parseHead(DefaultResponseParser.java:98)
at
org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:252)
at
org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:281)
at
org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:247)
at
org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:219)
at
org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:298)
at
org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125)
at
org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:633)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:454)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:776)
at
edu.washington.cac.shared.httpclient.ClientExecuteDirect.main(Unknown Source)
Using httpclient 3.6: ------------------------------------------
Code:
HostConfiguration hc = new HostConfiguration();
hc.setHost(host, 443, "https");
GetMethod method = new GetMethod(uriPath);
HttpClient client = new HttpClient();
try{
client.executeMethod(hc, method);
...
... no IV used for this cipher
*** CertificateVerify
main, WRITE: TLSv1 Handshake, length = 150
main, WRITE: TLSv1 Change Cipher Spec, length = 17
*** Finished
verify_data: { 73, 248, 55, 193, 151, 252, 147, 19, 215, 197, 255, 98 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 17
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 123, 230, 73, 179, 151, 219, 30, 164, 45, 74, 61, 12 }
***
%% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
main, READ: TLSv1 Application Data, length = 176
main, READ: TLSv1 Application Data, length = 2077
*** Request ***
......
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
