RE: Problems with HTTPS + Proxy + Authentication

Fri, 18 Oct 2002 12:35:11 -0700 

Replaced the previous code block to set https.proxyAuth with this:

        try { System.setProperty( "https.proxyAuth", "Basic " +
HTTPUtils.encodeAuth(proxyUserName, proxyPassword) ); }
        catch( Exception exx ) { System.err.println("encodeAuth exception: "
+ exx); System.exit(1); }

Now I'm getting a different result!

Caused by: javax.net.ssl.SSLHandshakeException: Couldn't find trusted
certificate

I think this means I'm getting through the proxy (good) but something else
is wrong (bad).  If so, I guess I need to start a new thread!

I don't have clientAuth turned on in the server (yet) so for some reason the
client doesn't like the certificate the server is presenting me.  This I
don't understand because my konqueror browser is able to connect to the soap
admin client fine.  AFAIK, JDK141 comes with all the appropriate cacerts I
need...

mike.

-----Original Message-----
From: Scott Nichol [mailto:snicholnews@;scottnichol.com]
Sent: Friday, October 18, 2002 3:45 PM
To: [EMAIL PROTECTED]
Subject: Re: Problems with HTTPS + Proxy + Authentication


> Before, I tried it both ways, neither worked.  I just now added in the
> following code:
>
>         String password = " " + proxyUserName + ":" + " " +
proxyPassword;
>         BASE64Encoder B64Encoder = new BASE64Encoder ();
>         String encodedPassword = B64Encoder.encode( password.getBytes
());
>         System.setProperty( "https.proxyAuth", "Basic " +
encodedPassword );
>
> and I still get the same SOAPException. So, unless my code above is
wrong
> there's some other problem.

I wonder if the extra spaces when you create password are a problem.  As
an alternative, try calling this method in HTTPUtils to generate the
part after "Basic ":

   public static String encodeAuth(String userName, String password)

> As for the API I would prefer...IMO it would be best if the
> host/port/username/password parameters are set the same way,
regardless of
> whether the target is http or https.

Yeh, I think I will do that, since I think it is less confusing.  I get
the feeling that the SSL proxy code was added by someone who needed it,
but it has not really been used widely.

Scott Nichol



--
To unsubscribe, e-mail:   <mailto:soap-user-unsubscribe@;xml.apache.org>
For additional commands, e-mail: <mailto:soap-user-help@;xml.apache.org>

--
To unsubscribe, e-mail:   <mailto:soap-user-unsubscribe@;xml.apache.org>
For additional commands, e-mail: <mailto:soap-user-help@;xml.apache.org>

Reply via email to