Posted to httpclient-users@hc.apache.org by michael haeusler <ha...@ponton-consulting.de> on 2005/08/18 12:37:05 UTC

SSL via Proxy Problems

Hello,

I noticed that after upgrading from http-client 2.0 to http-client 3.0-rc3
our application does not work correctly any more.

the http server that the application connects to requires SSL with 
client-certificates.
without a http-proxy server there is no problem.
when using a http-proxy server, the result depends on the proxy server, 
it either never responds, or a "peer not authenticated" exception is 
thrown at the application.
here is the debug log:

org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.useragent = Jakarta Commons-HttpClient/3.0-rc3
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.protocol.version = HTTP/1.1
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.connection-manager.class = class 
org.apache.commons.httpclient.SimpleHttpConnectionManager
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.protocol.cookie-policy = rfc2109
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.protocol.element-charset = US-ASCII
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.protocol.content-charset = ISO-8859-1
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.method.retry-handler = 
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@e312
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, 
EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy 
HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE 
dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy 
HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, 
EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy 
HH:mm:ss z]
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.connection-manager.max-per-host = {HostConfiguration[]=20}
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.connection-manager.max-total = 500
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.connection.timeout = 60000
org.apache.commons.httpclient.HttpClient - 10000 - Java version: 1.4.2_08
org.apache.commons.httpclient.HttpClient - 10000 - Java vendor: Sun 
Microsystems Inc.
org.apache.commons.httpclient.HttpClient - 10000 - Java class path: 
jre\lib\tools.jar;tomcat-5.0.28\bin\bootstrap.jar
org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
name: Windows XP
org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
architecture: x86
org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
version: 5.1
org.apache.commons.httpclient.HttpClient - 10000 - SUN 1.42: SUN (DSA 
key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; 
X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX 
CertPathBuilder; LDAP, Collection CertStores)
org.apache.commons.httpclient.HttpClient - 10000 - SunJSSE 1.42: Sun 
JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust 
factories, SSLv3, TLSv1)
org.apache.commons.httpclient.HttpClient - 10000 - SunRsaSign 1.42: 
SUN's provider for RSA signatures
org.apache.commons.httpclient.HttpClient - 10000 - SunJCE 1.42: SunJCE 
Provider (implements DES, Triple DES, AES, Blowfish, PBE, 
Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
org.apache.commons.httpclient.HttpClient - 10000 - SunJGSS 1.0: Sun 
(Kerberos v5)
org.apache.commons.httpclient.HttpClient - 10000 - BC 1.29: BouncyCastle 
Security Provider v1.29
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.socket.timeout = 0
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
PostMethod.clearRequestBody()
org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
enter EntityEnclosingMethod.clearRequestBody()
org.apache.commons.httpclient.HttpClient - 10000 - enter 
HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- enter 
HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- HttpConnectionManager.getConnection:  config = 
HostConfiguration[host=https://localhost, 
proxyHost=http://192.168.200.224:8888], timeout = 0
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- Allocating new connection, 
hostConfig=HostConfiguration[host=https://localhost, 
proxyHost=http://192.168.200.224:8888]
org.apache.commons.httpclient.HttpConnection - 10000 - enter 
HttpConnection.open()
org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
to 192.168.200.224:8888
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.socket.timeout = 0
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
PostMethod.clearRequestBody()
org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
enter EntityEnclosingMethod.clearRequestBody()
org.apache.commons.httpclient.HttpClient - 10000 - enter 
HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- enter 
HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- HttpConnectionManager.getConnection:  config = 
HostConfiguration[host=https://localhost, 
proxyHost=http://192.168.200.224:8888], timeout = 0
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- Allocating new connection, 
hostConfig=HostConfiguration[host=https://localhost, 
proxyHost=http://192.168.200.224:8888]
org.apache.commons.httpclient.HttpConnection - 10000 - enter 
HttpConnection.open()
org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
to 192.168.200.224:8888
org.apache.commons.httpclient.HttpConnection - 10000 - enter 
HttpConnection.closeSockedAndStreams()
org.apache.commons.httpclient.HttpMethodDirector - 10000 - Closing the 
connection.
org.apache.commons.httpclient.HttpConnection - 10000 - enter 
HttpConnection.close()
org.apache.commons.httpclient.HttpConnection - 10000 - enter 
HttpConnection.closeSockedAndStreams()
org.apache.commons.httpclient.HttpMethodDirector - 20000 - I/O exception 
caught when processing request: peer not authenticated
org.apache.commons.httpclient.HttpMethodDirector - 10000 - peer not 
authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at 
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
    at de.msg.transport.ssl.SSLProtocolSocketFactory.o00000(Unknown Source)
    at 
de.msg.transport.ssl.SSLProtocolSocketFactory.createSocket(Unknown Source)
    at 
org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:704)
    at 
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1339)
    at 
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
    at 
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
    at 
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
    at de.msg.transport.HttpProvider.sendMessage(Unknown Source)
    at de.msg.j.run(Unknown Source)
org.apache.commons.httpclient.HttpMethodDirector - 20000 - Retrying request





---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Re: SSL via Proxy Problems

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, Aug 18, 2005 at 03:02:36PM +0200, michael haeusler wrote:
> Hi,
> 
> ok, I just found out the difference between client 2 and client 3.
> while debugging the http client I noticed that it didn't consider the 
> protocol as secure since our SocketFactory used the interface 
> ProtocolSocketFactory
> instead of SecureProtocolFactory.
> I double-checked the old httpclient 2.0 and found that it based the 
> security flag on the protocol name, which was "https".
> that's why it worked correctly with httpclient 2.0

I do not think this is correct. HttpClient 2.0 has two versions of
Protocol#registerProtocol methods, one taking the plain socket factory
as a parameter and another one taking the secure one. This can cause
problems as since the secure factory extends the plain one, one can end
up registering a secure protocol as an insecure one by mistake. This is
exactly what happened with your code.

HttpClient makes no assumption whether a protocol is secure or not based
on its name. HttpClient does register two protocols per default "http"
and "https", though, assuming https is meant to be a secure one

> 
> it is in line with your last comment, so I just want to confirm that the 
> interface SecureProtocolFactory was the
> problem.
> 

Protocol#registerProtocol rather.

> 
> however, I am a bit surprised that this only causes a problem with SSL 
> via Proxy-Servers.

Here's my (un)informed guess. I believe HttpClient simply used your custom
socket factory to establish connection with the proxy (whereas it
should have used the plain one instead), and the proxy just happened to
support both SSL and plain connections on the same port. The SSL trust
manager in its turn refused to accept the proxy's certificate, hence the
exception. This is just a theory, so take it for what it is worth.


> I would expect that it doesn't work at all if an SSL connection is 
> created using a Factory that only has the ProtocolSocketFactory interface.
> 
> also after adjusting our code I found that new Protocol("https", new 
> SSLProtocolSocketFactory(...)
> is now deprecated, does that make sense ?

We deprecated Protocol#registerProtocol(SecureProtocolSocketFactory) for
the reasons given above.


> that way the caller always has to cast the factory to a 
> ProtocolSocketfactory to avoid the deprecated warning.
> 

This is intended


> anyway, thanks for looking into this.
> now it works as intended.
> 


Any time

Oleg

> Oleg Kalnichevski wrote:
> 
> >On Thu, Aug 18, 2005 at 02:18:27PM +0200, michael haeusler wrote:
> > 
> >
> >>Oleg,
> >>
> >>how could this be a problem of the SSL context if all works fine in 
> >>client 3-rc3 without proxy,
> >>and also works fine in client 2 with or without proxy.
> >>
> >>   
> >>
> >
> >Because this is what I see in the exception stack trace. Please review
> >the de.msg.transport.ssl.SSLProtocolSocketFactory class and make sure
> >that it correctly implements the SecureProtocolSocketFactory interface,
> >especially new methods introduced in 3.0
> >
> >Oleg
> >
> > 
> >
> >>something must be different in client 3.
> >>
> >>Oleg Kalnichevski wrote:
> >>
> >>   
> >>
> >>>Michael,
> >>>
> >>>This means one and only thing: misconfiguration of the SSL context,
> >>>which is strictly speaking not a problem with HttpClient. For details
> >>>see the SSL guide [1]. You might want to take a closer look at the
> >>>AuthSSLProtocolSocketFactory in particular.
> >>>
> >>>Hope this helps,
> >>>
> >>>Oleg
> >>>
> >>>[1] http://jakarta.apache.org/commons/httpclient/sslguide.html
> >>>
> >>-- 
> >>Mit freundlichen Grüßen / Best Regards,
> >>Michael Häusler
> >>__________________________________________________________________
> >>Ponton Consulting GmbH                 voice:  + 49.40.69213-340
> >>http://www.ponton-consulting.de/       fax:    + 49.40.69213-355
> >>Dorotheenstraße 60
> >>D-22301 Hamburg
> >>                     Ponton Consulting is a Member of C1 Group
> >>__________________________________________________________________
> >>
> >>HRB 81480, AG Hamburg, Managing Director: Dr. Michael Merz
> >>Ponton Consulting is a Member of C1 Group (www.c1-group.com)
> >>__________________________________________________________________
> >>

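The registration pitfall and the proxy guess from the reply above, modelled in stand-alone Java as an added example; it is not code from the thread or from HttpClient. `PlainFactory`, `SecureFactory`, the two `*Protocol` classes, `firstHop` and the proxy name are hypothetical stand-ins, and the `instanceof` check and the first-hop rule are assumptions made to show the effect.

```java
// Added illustration. PlainFactory / SecureFactory are hypothetical stand-ins
// for the ProtocolSocketFactory / SecureProtocolSocketFactory interfaces named
// in the thread; nothing here is commons-httpclient code.
public class SecureFlagDemo {

    interface PlainFactory {
        // Returns a description of the connection instead of a real socket.
        String open(String host, int port);
    }

    // Marker sub-interface: "sockets from this factory are TLS sockets".
    interface SecureFactory extends PlainFactory { }

    static class TcpFactory implements PlainFactory {
        public String open(String host, int port) {
            return "plain TCP to " + host + ":" + port;
        }
    }

    // A TLS factory that declares only the plain interface.
    static class TlsDeclaredPlain implements PlainFactory {
        public String open(String host, int port) {
            return "TLS handshake with " + host + ":" + port;
        }
    }

    // The same factory once it also declares the secure interface.
    static class TlsDeclaredSecure extends TlsDeclaredPlain implements SecureFactory { }

    // Two overloads: the compiler picks one from the argument's STATIC type,
    // so an upcast reference silently lands in the "insecure" overload.
    static final class OverloadedProtocol {
        final PlainFactory factory;
        final boolean secure;
        OverloadedProtocol(PlainFactory f)  { this.factory = f; this.secure = false; }
        OverloadedProtocol(SecureFactory f) { this.factory = f; this.secure = true; }
    }

    // One entry point (assumption): the object's RUNTIME type sets the flag,
    // so the declared interface of the factory class is what matters.
    static final class CheckedProtocol {
        final PlainFactory factory;
        final boolean secure;
        CheckedProtocol(PlainFactory f) {
            this.factory = f;
            this.secure = f instanceof SecureFactory;
        }
    }

    // First hop when a proxy is configured (assumed rule): a protocol flagged
    // secure reaches the proxy over plain TCP and layers TLS afterwards; an
    // unflagged one hands the proxy address straight to its own factory.
    static String firstHop(PlainFactory factory, boolean secure,
                           String proxyHost, int proxyPort) {
        PlainFactory toProxy = secure ? new TcpFactory() : factory;
        return toProxy.open(proxyHost, proxyPort);
    }

    public static void main(String[] args) {
        String proxyHost = "proxy.example";   // constructed placeholder
        int proxyPort = 8888;

        SecureFactory declared = new TlsDeclaredSecure();
        PlainFactory upcast = declared;       // same object, plain static type

        OverloadedProtocol viaSecureOverload = new OverloadedProtocol(declared);
        OverloadedProtocol viaPlainOverload  = new OverloadedProtocol(upcast);
        CheckedProtocol checkedUpcast        = new CheckedProtocol(upcast);
        CheckedProtocol checkedPlainOnly     = new CheckedProtocol(new TlsDeclaredPlain());

        System.out.println("overload, secure static type : secure=" + viaSecureOverload.secure);
        System.out.println("overload, upcast reference   : secure=" + viaPlainOverload.secure);
        System.out.println("runtime check, upcast        : secure=" + checkedUpcast.secure);
        System.out.println("runtime check, plain-only    : secure=" + checkedPlainOnly.secure);

        System.out.println("first hop, flagged secure    : "
                + firstHop(checkedUpcast.factory, checkedUpcast.secure, proxyHost, proxyPort));
        System.out.println("first hop, not flagged       : "
                + firstHop(checkedPlainOnly.factory, checkedPlainOnly.secure, proxyHost, proxyPort));
    }
}
```

The last line printed corresponds to the stack trace in the first message, where the custom factory's `createSocket` is called from `HttpConnection.open` right after "Open connection to" the proxy address.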


Re: SSL via Proxy Problems

Posted by michael haeusler <ha...@ponton-consulting.de>.
Hi,

ok, I just found out the difference between client 2 and client 3.
while debugging the http client I noticed that it didn't consider the 
protocol as secure since our SocketFactory used the interface 
ProtocolSocketFactory
instead of SecureProtocolFactory.
I double-checked the old httpclient 2.0 and found that it based the 
security flag on the protocol name, which was "https".
that's why it worked correctly with httpclient 2.0

it is in line with your last comment, so I just want to confirm that the 
interface SecureProtocolFactory was the
problem.


however, I am a bit surprised that this only causes a problem with SSL 
via Proxy-Servers.
I would expect that it doesn't work at all if an SSL connection is 
created using a Factory that only has the ProtocolSocketFactory interface.

also after adjusting our code I found that new Protocol("https", new 
SSLProtocolSocketFactory(...)
is now deprecated, does that make sense ?
that way the caller always has to cast the factory to a 
ProtocolSocketfactory to avoid the deprecated warning.

anyway, thanks for looking into this.
now it works as intended.

Oleg Kalnichevski wrote:

>On Thu, Aug 18, 2005 at 02:18:27PM +0200, michael haeusler wrote:
>  
>
>>Oleg,
>>
>>how could this be a problem of the SSL context if all works fine in 
>>client 3-rc3 without proxy,
>>and also works fine in client 2 with or without proxy.
>>
>>    
>>
>
>Because this is what I see in the exception stack trace. Please review
>the de.msg.transport.ssl.SSLProtocolSocketFactory class and make sure
>that it correctly implements the SecureProtocolSocketFactory interface,
>especially new methods introduced in 3.0
>
>Oleg
>
>  
>
>>something must be different in client 3.
>>
>>Oleg Kalnichevski wrote:
>>
>>    
>>
>>>Michael,
>>>
>>>This means one and only thing: misconfiguration of the SSL context,
>>>which is strictly speaking not a problem with HttpClient. For details
>>>see the SSL guide [1]. You might want to take a closer look at the
>>>AuthSSLProtocolSocketFactory in particular.
>>>
>>>Hope this helps,
>>>
>>>Oleg
>>>
>>>[1] http://jakarta.apache.org/commons/httpclient/sslguide.html
>>>
>>>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>>>- Allocating new connection, 
>>>>hostConfig=HostConfiguration[host=https://localhost, 
>>>>proxyHost=http://192.168.200.224:8888]
>>>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>>>HttpConnection.open()
>>>>org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
>>>>to 192.168.200.224:8888
>>>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>>>parameter http.socket.timeout = 0
>>>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>>>HttpMethodBase.addRequestHeader(Header)
>>>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>>>HttpMethodBase.addRequestHeader(Header)
>>>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>>>HttpMethodBase.addRequestHeader(Header)
>>>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>>>HttpMethodBase.addRequestHeader(Header)
>>>>org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
>>>>PostMethod.clearRequestBody()
>>>>org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
>>>>enter EntityEnclosingMethod.clearRequestBody()
>>>>org.apache.commons.httpclient.HttpClient - 10000 - enter 
>>>>HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
>>>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>>>- enter 
>>>>HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
>>>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>>>- HttpConnectionManager.getConnection:  config = 
>>>>HostConfiguration[host=https://localhost, 
>>>>proxyHost=http://192.168.200.224:8888], timeout = 0
>>>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>>>- enter 
>>>>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
>>>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>>>- enter 
>>>>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
>>>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>>>- Allocating new connection, 
>>>>hostConfig=HostConfiguration[host=https://localhost, 
>>>>proxyHost=http://192.168.200.224:8888]
>>>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>>>HttpConnection.open()
>>>>org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
>>>>to 192.168.200.224:8888
>>>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>>>HttpConnection.closeSockedAndStreams()
>>>>org.apache.commons.httpclient.HttpMethodDirector - 10000 - Closing the 
>>>>connection.
>>>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>>>HttpConnection.close()
>>>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>>>HttpConnection.closeSockedAndStreams()
>>>>org.apache.commons.httpclient.HttpMethodDirector - 20000 - I/O exception 
>>>>caught when processing request: peer not authenticated
>>>>org.apache.commons.httpclient.HttpMethodDirector - 10000 - peer not 
>>>>authenticated
>>>>javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>>> at 
>>>>com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
>>>> at de.msg.transport.ssl.SSLProtocolSocketFactory.o00000(Unknown Source)
>>>> at 
>>>>de.msg.transport.ssl.SSLProtocolSocketFactory.createSocket(Unknown Source)
>>>> at 
>>>>org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:704)
>>>> at 
>>>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1339)
>>>> at 
>>>>org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
>>>> at 
>>>>org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
>>>> at 
>>>>org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
>>>> at de.msg.transport.HttpProvider.sendMessage(Unknown Source)
>>>> at de.msg.j.run(Unknown Source)
>>>>org.apache.commons.httpclient.HttpMethodDirector - 20000 - Retrying 
>>>>request
>>-- 
>>Mit freundlichen Grüßen / Best Regards,
>>Michael Häusler
>>__________________________________________________________________
>>Ponton Consulting GmbH                 voice:  + 49.40.69213-340
>>http://www.ponton-consulting.de/       fax:    + 49.40.69213-355
>>Dorotheenstraße 60
>>D-22301 Hamburg
>>                      Ponton Consulting is a Member of C1 Group
>>__________________________________________________________________
>>
>>HRB 81480, AG Hamburg, Managing Director: Dr. Michael Merz
>>Ponton Consulting is a Member of C1 Group (www.c1-group.com)
>>__________________________________________________________________

-- 
Mit freundlichen Grüßen / Best Regards,
Michael Häusler
__________________________________________________________________
Ponton Consulting GmbH                 voice:  + 49.40.69213-340
http://www.ponton-consulting.de/       fax:    + 49.40.69213-355
Dorotheenstraße 60
D-22301 Hamburg
                       Ponton Consulting is a Member of C1 Group
__________________________________________________________________

HRB 81480, AG Hamburg, Managing Director: Dr. Michael Merz
Ponton Consulting is a Member of C1 Group (www.c1-group.com)
__________________________________________________________________


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Re: SSL via Proxy Problems

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, Aug 18, 2005 at 02:18:27PM +0200, michael haeusler wrote:
> Oleg,
> 
> how could this be a problem of the SSL context if all works fine in 
> client 3-rc3 without proxy,
> and also works fine in client 2 with or without proxy.
> 

Because this is what I see in the exception stack trace. Please review
the de.msg.transport.ssl.SSLProtocolSocketFactory class and make sure
that it correctly implements the SecureProtocolSocketFactory interface,
especially new methods introduced in 3.0

Oleg

> something must be different in client 3.
> 
> Oleg Kalnichevski wrote:
> 
> >Michael,
> >
> >This means one and only thing: misconfiguration of the SSL context,
> >which is strictly speaking not a problem with HttpClient. For details
> >see the SSL guide [1]. You might want to take a closer look at the
> >AuthSSLProtocolSocketFactory in particular.
> >
> >Hope this helps,
> >
> >Oleg
> >
> >[1] http://jakarta.apache.org/commons/httpclient/sslguide.html
> >
> >
> >On Thu, Aug 18, 2005 at 12:37:05PM +0200, michael haeusler wrote:
> > 
> >
> >>Hello,
> >>
> >>I noticed that after upgrading from http-client 2.0 to http-client 3.0-rc3
> >>our application does not work correctly any more.
> >>
> >>the http server that the application connects to requires SSL with 
> >>client-certificates.
> >>without a http-proxy server there is no problem.
> >>when using a http-proxy server, the result depends on the proxy server, 
> >>it either never responds, or a "peer not authenticated" exception is 
> >>thrown at the application.
> >>here is log debug log:
> >>
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.useragent = Jakarta Commons-HttpClient/3.0-rc3
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.protocol.version = HTTP/1.1
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.connection-manager.class = class 
> >>org.apache.commons.httpclient.SimpleHttpConnectionManager
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.protocol.cookie-policy = rfc2109
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.protocol.element-charset = US-ASCII
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.protocol.content-charset = ISO-8859-1
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.method.retry-handler = 
> >>org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@e312
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, 
> >>EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy 
> >>HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE 
> >>dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy 
> >>HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, 
> >>EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy 
> >>HH:mm:ss z]
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.connection-manager.max-per-host = {HostConfiguration[]=20}
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.connection-manager.max-total = 500
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.connection.timeout = 60000
> >>org.apache.commons.httpclient.HttpClient - 10000 - Java version: 1.4.2_08
> >>org.apache.commons.httpclient.HttpClient - 10000 - Java vendor: Sun 
> >>Microsystems Inc.
> >>org.apache.commons.httpclient.HttpClient - 10000 - Java class path: 
> >>jre\lib\tools.jar;tomcat-5.0.28\bin\bootstrap.jar
> >>org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
> >>name: Windows XP
> >>org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
> >>architecture: x86
> >>org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
> >>version: 5.1
> >>org.apache.commons.httpclient.HttpClient - 10000 - SUN 1.42: SUN (DSA 
> >>key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; 
> >>X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX 
> >>CertPathBuilder; LDAP, Collection CertStores)
> >>org.apache.commons.httpclient.HttpClient - 10000 - SunJSSE 1.42: Sun 
> >>JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust 
> >>factories, SSLv3, TLSv1)
> >>org.apache.commons.httpclient.HttpClient - 10000 - SunRsaSign 1.42: 
> >>SUN's provider for RSA signatures
> >>org.apache.commons.httpclient.HttpClient - 10000 - SunJCE 1.42: SunJCE 
> >>Provider (implements DES, Triple DES, AES, Blowfish, PBE, 
> >>Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
> >>org.apache.commons.httpclient.HttpClient - 10000 - SunJGSS 1.0: Sun 
> >>(Kerberos v5)
> >>org.apache.commons.httpclient.HttpClient - 10000 - BC 1.29: BouncyCastle 
> >>Security Provider v1.29
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.socket.timeout = 0
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
> >>PostMethod.clearRequestBody()
> >>org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
> >>enter EntityEnclosingMethod.clearRequestBody()
> >>org.apache.commons.httpclient.HttpClient - 10000 - enter 
> >>HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- enter 
> >>HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- HttpConnectionManager.getConnection:  config = 
> >>HostConfiguration[host=https://localhost, 
> >>proxyHost=http://192.168.200.224:8888], timeout = 0
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- enter 
> >>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- enter 
> >>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- Allocating new connection, 
> >>hostConfig=HostConfiguration[host=https://localhost, 
> >>proxyHost=http://192.168.200.224:8888]
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> >>HttpConnection.open()
> >>org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
> >>to 192.168.200.224:8888
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> >>parameter http.socket.timeout = 0
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
> >>PostMethod.clearRequestBody()
> >>org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
> >>enter EntityEnclosingMethod.clearRequestBody()
> >>org.apache.commons.httpclient.HttpClient - 10000 - enter 
> >>HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- enter 
> >>HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- HttpConnectionManager.getConnection:  config = 
> >>HostConfiguration[host=https://localhost, 
> >>proxyHost=http://192.168.200.224:8888], timeout = 0
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- enter 
> >>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- enter 
> >>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> >>- Allocating new connection, 
> >>hostConfig=HostConfiguration[host=https://localhost, 
> >>proxyHost=http://192.168.200.224:8888]
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> >>HttpConnection.open()
> >>org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
> >>to 192.168.200.224:8888
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> >>HttpConnection.closeSockedAndStreams()
> >>org.apache.commons.httpclient.HttpMethodDirector - 10000 - Closing the 
> >>connection.
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> >>HttpConnection.close()
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> >>HttpConnection.closeSockedAndStreams()
> >>org.apache.commons.httpclient.HttpMethodDirector - 20000 - I/O exception 
> >>caught when processing request: peer not authenticated
> >>org.apache.commons.httpclient.HttpMethodDirector - 10000 - peer not 
> >>authenticated
> >>javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> >>  at 
> >>com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
> >>  at de.msg.transport.ssl.SSLProtocolSocketFactory.o00000(Unknown Source)
> >>  at 
> >>de.msg.transport.ssl.SSLProtocolSocketFactory.createSocket(Unknown Source)
> >>  at 
> >>org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:704)
> >>  at 
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1339)
> >>  at 
> >>org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
> >>  at 
> >>org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
> >>  at 
> >>org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
> >>  at de.msg.transport.HttpProvider.sendMessage(Unknown Source)
> >>  at de.msg.j.run(Unknown Source)
> >>org.apache.commons.httpclient.HttpMethodDirector - 20000 - Retrying 
> >>request
> 
> -- 
> Mit freundlichen Grüßen / Best Regards,
> Michael Häusler
> __________________________________________________________________
> Ponton Consulting GmbH                 voice:  + 49.40.69213-340
> http://www.ponton-consulting.de/       fax:    + 49.40.69213-355
> Dorotheenstraße 60
> D-22301 Hamburg
>                       Ponton Consulting is a Member of C1 Group
> __________________________________________________________________
> 
> HRB 81480, AG Hamburg, Managing Director: Dr. Michael Merz
> Ponton Consulting is a Member of C1 Group (www.c1-group.com)
> __________________________________________________________________
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
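
The reply above points at the SecureProtocolSocketFactory interface and the methods added in 3.0. The following is an added example, not code from this thread, from de.msg, or from the HttpClient project: a factory that implements all four createSocket variants of the HttpClient 3.x interface, including the layered one used once a proxy tunnel exists. The class name is hypothetical, the SSLContext is assumed to be initialised by the caller with the client key and trust material, and the endpoint-identification call assumes Java 7 or later.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

/** Hypothetical class name; this is not the factory seen in the stack trace. */
public class ClientCertSocketFactory implements SecureProtocolSocketFactory {

    private final SSLSocketFactory delegate;

    /**
     * Assumption: sslContext was initialised by the caller with the client
     * certificate (KeyManagers) and the server trust anchors (TrustManagers).
     */
    public ClientCertSocketFactory(SSLContext sslContext) {
        this.delegate = sslContext.getSocketFactory();
    }

    /** Direct connection, no local address. */
    public Socket createSocket(String host, int port)
            throws IOException, UnknownHostException {
        return handshake(delegate.createSocket(host, port));
    }

    /** Direct connection bound to a local address. */
    public Socket createSocket(String host, int port,
                               InetAddress localAddress, int localPort)
            throws IOException, UnknownHostException {
        return handshake(delegate.createSocket(host, port, localAddress, localPort));
    }

    /** Variant added in 3.0: must honour the connection timeout in params. */
    public Socket createSocket(String host, int port,
                               InetAddress localAddress, int localPort,
                               HttpConnectionParams params)
            throws IOException, UnknownHostException, ConnectTimeoutException {
        if (params == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int timeout = params.getConnectionTimeout();
        if (timeout == 0) {
            return createSocket(host, port, localAddress, localPort);
        }
        Socket socket = delegate.createSocket(); // unconnected SSL socket
        try {
            socket.bind(new InetSocketAddress(localAddress, localPort));
            socket.connect(new InetSocketAddress(host, port), timeout);
        } catch (SocketTimeoutException e) {
            socket.close();
            throw new ConnectTimeoutException(
                    "Connect to " + host + ":" + port + " timed out", e);
        }
        return handshake(socket);
    }

    /**
     * Layered variant: 'socket' is already connected (for example a tunnel
     * opened through a proxy with CONNECT); TLS is negotiated on top of it
     * with the origin server named by host and port.
     */
    public Socket createSocket(Socket socket, String host, int port,
                               boolean autoClose)
            throws IOException, UnknownHostException {
        return handshake(delegate.createSocket(socket, host, port, autoClose));
    }

    /**
     * Runs the handshake explicitly so that a failure surfaces here, with the
     * real cause, rather than later as "peer not authenticated" when the
     * session is inspected.
     */
    private static Socket handshake(Socket socket) throws IOException {
        SSLSocket ssl = (SSLSocket) socket;
        try {
            // Java 7+ (assumption): check the certificate against the host name.
            SSLParameters sslParams = ssl.getSSLParameters();
            sslParams.setEndpointIdentificationAlgorithm("HTTPS");
            ssl.setSSLParameters(sslParams);

            ssl.startHandshake();
            // Throws SSLPeerUnverifiedException if the server sent no certificate.
            ssl.getSession().getPeerCertificates();
        } catch (IOException e) {
            ssl.close();
            throw e;
        }
        return ssl;
    }
}
```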


Re: SSL via Proxy Problems

Posted by michael haeusler <ha...@ponton-consulting.de>.
Oleg,

how could this be a problem of the SSL context if all works fine in 
client 3-rc3 without proxy,
and also works fine in client 2 with or without proxy.

something must be different in client 3.

Oleg Kalnichevski wrote:

>Michael,
>
>This means one and only thing: misconfiguration of the SSL context,
>which is strictly speaking not a problem with HttpClient. For details
>see the SSL guide [1]. You might want to take a closer look at the
>AuthSSLProtocolSocketFactory in particular.
>
>Hope this helps,
>
>Oleg
>
>[1] http://jakarta.apache.org/commons/httpclient/sslguide.html
>
>
>On Thu, Aug 18, 2005 at 12:37:05PM +0200, michael haeusler wrote:
>  
>
>>Hello,
>>
>>I noticed that after upgrading from http-client 2.0 to http-client 3.0-rc3
>>our application does not work correctly any more.
>>
>>the http server that the application connects to requires SSL with 
>>client-certificates.
>>without a http-proxy server there is no problem.
>>when using a http-proxy server, the result depends on the proxy server, 
>>it either never responds, or a "peer not authenticated" exception is 
>>thrown at the application.
>>here is log debug log:
>>
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.useragent = Jakarta Commons-HttpClient/3.0-rc3
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.protocol.version = HTTP/1.1
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.connection-manager.class = class 
>>org.apache.commons.httpclient.SimpleHttpConnectionManager
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.protocol.cookie-policy = rfc2109
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.protocol.element-charset = US-ASCII
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.protocol.content-charset = ISO-8859-1
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.method.retry-handler = 
>>org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@e312
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, 
>>EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy 
>>HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE 
>>dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy 
>>HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, 
>>EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy 
>>HH:mm:ss z]
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.connection-manager.max-per-host = {HostConfiguration[]=20}
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.connection-manager.max-total = 500
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.connection.timeout = 60000
>>org.apache.commons.httpclient.HttpClient - 10000 - Java version: 1.4.2_08
>>org.apache.commons.httpclient.HttpClient - 10000 - Java vendor: Sun 
>>Microsystems Inc.
>>org.apache.commons.httpclient.HttpClient - 10000 - Java class path: 
>>jre\lib\tools.jar;tomcat-5.0.28\bin\bootstrap.jar
>>org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
>>name: Windows XP
>>org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
>>architecture: x86
>>org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
>>version: 5.1
>>org.apache.commons.httpclient.HttpClient - 10000 - SUN 1.42: SUN (DSA 
>>key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; 
>>X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX 
>>CertPathBuilder; LDAP, Collection CertStores)
>>org.apache.commons.httpclient.HttpClient - 10000 - SunJSSE 1.42: Sun 
>>JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust 
>>factories, SSLv3, TLSv1)
>>org.apache.commons.httpclient.HttpClient - 10000 - SunRsaSign 1.42: 
>>SUN's provider for RSA signatures
>>org.apache.commons.httpclient.HttpClient - 10000 - SunJCE 1.42: SunJCE 
>>Provider (implements DES, Triple DES, AES, Blowfish, PBE, 
>>Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
>>org.apache.commons.httpclient.HttpClient - 10000 - SunJGSS 1.0: Sun 
>>(Kerberos v5)
>>org.apache.commons.httpclient.HttpClient - 10000 - BC 1.29: BouncyCastle 
>>Security Provider v1.29
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.socket.timeout = 0
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
>>PostMethod.clearRequestBody()
>>org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
>>enter EntityEnclosingMethod.clearRequestBody()
>>org.apache.commons.httpclient.HttpClient - 10000 - enter 
>>HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- enter 
>>HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- HttpConnectionManager.getConnection:  config = 
>>HostConfiguration[host=https://localhost, 
>>proxyHost=http://192.168.200.224:8888], timeout = 0
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- Allocating new connection, 
>>hostConfig=HostConfiguration[host=https://localhost, 
>>proxyHost=http://192.168.200.224:8888]
>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>HttpConnection.open()
>>org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
>>to 192.168.200.224:8888
>>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
>>parameter http.socket.timeout = 0
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.HttpMethodBase - 10000 - 
>>HttpMethodBase.addRequestHeader(Header)
>>org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
>>PostMethod.clearRequestBody()
>>org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
>>enter EntityEnclosingMethod.clearRequestBody()
>>org.apache.commons.httpclient.HttpClient - 10000 - enter 
>>HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- enter 
>>HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- HttpConnectionManager.getConnection:  config = 
>>HostConfiguration[host=https://localhost, 
>>proxyHost=http://192.168.200.224:8888], timeout = 0
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
>>- Allocating new connection, 
>>hostConfig=HostConfiguration[host=https://localhost, 
>>proxyHost=http://192.168.200.224:8888]
>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>HttpConnection.open()
>>org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
>>to 192.168.200.224:8888
>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>HttpConnection.closeSockedAndStreams()
>>org.apache.commons.httpclient.HttpMethodDirector - 10000 - Closing the 
>>connection.
>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>HttpConnection.close()
>>org.apache.commons.httpclient.HttpConnection - 10000 - enter 
>>HttpConnection.closeSockedAndStreams()
>>org.apache.commons.httpclient.HttpMethodDirector - 20000 - I/O exception 
>>caught when processing request: peer not authenticated
>>org.apache.commons.httpclient.HttpMethodDirector - 10000 - peer not 
>>authenticated
>>javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>   at 
>>com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
>>   at de.msg.transport.ssl.SSLProtocolSocketFactory.o00000(Unknown Source)
>>   at 
>>de.msg.transport.ssl.SSLProtocolSocketFactory.createSocket(Unknown Source)
>>   at 
>>org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:704)
>>   at 
>>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1339)
>>   at 
>>org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
>>   at 
>>org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
>>   at 
>>org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
>>   at de.msg.transport.HttpProvider.sendMessage(Unknown Source)
>>   at de.msg.j.run(Unknown Source)
>>org.apache.commons.httpclient.HttpMethodDirector - 20000 - Retrying request

-- 
Mit freundlichen Grüßen / Best Regards,
Michael Häusler
__________________________________________________________________
Ponton Consulting GmbH                 voice:  + 49.40.69213-340
http://www.ponton-consulting.de/       fax:    + 49.40.69213-355
Dorotheenstraße 60
D-22301 Hamburg
                       Ponton Consulting is a Member of C1 Group
__________________________________________________________________

HRB 81480, AG Hamburg, Managing Director: Dr. Michael Merz
Ponton Consulting is a Member of C1 Group (www.c1-group.com)
__________________________________________________________________


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Re: SSL via Proxy Problems

Posted by Oleg Kalnichevski <ol...@apache.org>.
Michael,

This means one and only one thing: misconfiguration of the SSL context,
which is strictly speaking not a problem with HttpClient. For details
see the SSL guide [1]. You might want to take a closer look at the
AuthSSLProtocolSocketFactory in particular.

Hope this helps,

Oleg

[1] http://jakarta.apache.org/commons/httpclient/sslguide.html


On Thu, Aug 18, 2005 at 12:37:05PM +0200, michael haeusler wrote:
> Hello,
> 
> I noticed that after upgrading from http-client 2.0 to http-client 3.0-rc3
> our application does not work correctly any more.
> 
> the http server that the application connects to requires SSL with 
> client-certificates.
> without a http-proxy server there is no problem.
> when using a http-proxy server, the result depends on the proxy server, 
> it either never responds, or a "peer not authenticated" exception is 
> thrown at the application.
> here is log debug log:
> 
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.useragent = Jakarta Commons-HttpClient/3.0-rc3
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.protocol.version = HTTP/1.1
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.connection-manager.class = class 
> org.apache.commons.httpclient.SimpleHttpConnectionManager
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.protocol.cookie-policy = rfc2109
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.protocol.element-charset = US-ASCII
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.protocol.content-charset = ISO-8859-1
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.method.retry-handler = 
> org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@e312
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, 
> EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy 
> HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE 
> dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy 
> HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, 
> EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy 
> HH:mm:ss z]
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.connection-manager.max-per-host = {HostConfiguration[]=20}
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.connection-manager.max-total = 500
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.connection.timeout = 60000
> org.apache.commons.httpclient.HttpClient - 10000 - Java version: 1.4.2_08
> org.apache.commons.httpclient.HttpClient - 10000 - Java vendor: Sun 
> Microsystems Inc.
> org.apache.commons.httpclient.HttpClient - 10000 - Java class path: 
> jre\lib\tools.jar;tomcat-5.0.28\bin\bootstrap.jar
> org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
> name: Windows XP
> org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
> architecture: x86
> org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
> version: 5.1
> org.apache.commons.httpclient.HttpClient - 10000 - SUN 1.42: SUN (DSA 
> key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; 
> X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX 
> CertPathBuilder; LDAP, Collection CertStores)
> org.apache.commons.httpclient.HttpClient - 10000 - SunJSSE 1.42: Sun 
> JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust 
> factories, SSLv3, TLSv1)
> org.apache.commons.httpclient.HttpClient - 10000 - SunRsaSign 1.42: 
> SUN's provider for RSA signatures
> org.apache.commons.httpclient.HttpClient - 10000 - SunJCE 1.42: SunJCE 
> Provider (implements DES, Triple DES, AES, Blowfish, PBE, 
> Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
> org.apache.commons.httpclient.HttpClient - 10000 - SunJGSS 1.0: Sun 
> (Kerberos v5)
> org.apache.commons.httpclient.HttpClient - 10000 - BC 1.29: BouncyCastle 
> Security Provider v1.29
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.socket.timeout = 0
> org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> HttpMethodBase.addRequestHeader(Header)
> org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> HttpMethodBase.addRequestHeader(Header)
> org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> HttpMethodBase.addRequestHeader(Header)
> org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> HttpMethodBase.addRequestHeader(Header)
> org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
> PostMethod.clearRequestBody()
> org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
> enter EntityEnclosingMethod.clearRequestBody()
> org.apache.commons.httpclient.HttpClient - 10000 - enter 
> HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> - enter 
> HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> - HttpConnectionManager.getConnection:  config = 
> HostConfiguration[host=https://localhost, 
> proxyHost=http://192.168.200.224:8888], timeout = 0
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> - enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> - enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> - Allocating new connection, 
> hostConfig=HostConfiguration[host=https://localhost, 
> proxyHost=http://192.168.200.224:8888]
> org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> HttpConnection.open()
> org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
> to 192.168.200.224:8888
> org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
> parameter http.socket.timeout = 0
> org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> HttpMethodBase.addRequestHeader(Header)
> org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> HttpMethodBase.addRequestHeader(Header)
> org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> HttpMethodBase.addRequestHeader(Header)
> org.apache.commons.httpclient.HttpMethodBase - 10000 - 
> HttpMethodBase.addRequestHeader(Header)
> org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
> PostMethod.clearRequestBody()
> org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
> enter EntityEnclosingMethod.clearRequestBody()
> org.apache.commons.httpclient.HttpClient - 10000 - enter 
> HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> - enter 
> HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> - HttpConnectionManager.getConnection:  config = 
> HostConfiguration[host=https://localhost, 
> proxyHost=http://192.168.200.224:8888], timeout = 0
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> - enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> - enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
> - Allocating new connection, 
> hostConfig=HostConfiguration[host=https://localhost, 
> proxyHost=http://192.168.200.224:8888]
> org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> HttpConnection.open()
> org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
> to 192.168.200.224:8888
> org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> HttpConnection.closeSockedAndStreams()
> org.apache.commons.httpclient.HttpMethodDirector - 10000 - Closing the 
> connection.
> org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> HttpConnection.close()
> org.apache.commons.httpclient.HttpConnection - 10000 - enter 
> HttpConnection.closeSockedAndStreams()
> org.apache.commons.httpclient.HttpMethodDirector - 20000 - I/O exception 
> caught when processing request: peer not authenticated
> org.apache.commons.httpclient.HttpMethodDirector - 10000 - peer not 
> authenticated
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>    at 
> com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
>    at de.msg.transport.ssl.SSLProtocolSocketFactory.o00000(Unknown Source)
>    at 
> de.msg.transport.ssl.SSLProtocolSocketFactory.createSocket(Unknown Source)
>    at 
> org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:704)
>    at 
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1339)
>    at 
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
>    at 
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
>    at 
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
>    at de.msg.transport.HttpProvider.sendMessage(Unknown Source)
>    at de.msg.j.run(Unknown Source)
> org.apache.commons.httpclient.HttpMethodDirector - 20000 - Retrying request

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
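
A stand-alone JSSE check for the failure discussed in this thread, added here as an example (not code from the thread or from HttpClient): `SSLSocket.getSession()` does not throw when the handshake fails, it returns an invalid session whose certificate getters then report only "peer not authenticated", so the check opens the CONNECT tunnel itself and calls `startHandshake()` to surface the underlying error. The class name, argument order, keystore types and the two environment variable names are assumptions.

```java
import java.io.*;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.*;
public class TunnelHandshakeCheck {
    static KeyStore load(String path, String type, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type); // must match the file format: "JKS" or "PKCS12"
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }
    // Key managers present the client certificate; trust managers verify the server.
    static SSLContext context(KeyStore keys, char[] keyPw, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    // Plain-text CONNECT; TLS must not start until the proxy's 2xx reply is consumed.
    static Socket tunnel(String proxyHost, int proxyPort, String target) throws IOException {
        Socket s = new Socket(proxyHost, proxyPort);
        s.setSoTimeout(30000); // a proxy that never answers times out instead of hanging
        String req = "CONNECT " + target + " HTTP/1.1\r\nHost: " + target + "\r\n\r\n";
        s.getOutputStream().write(req.getBytes("US-ASCII"));
        InputStream in = s.getInputStream(); // read byte-wise so no TLS bytes get buffered away
        StringBuilder head = new StringBuilder();
        int b;
        while (head.indexOf("\r\n\r\n") < 0 && (b = in.read()) != -1) head.append((char) b);
        if (!head.toString().matches("(?s)HTTP/1\\.[01] 2\\d\\d.*")) {
            s.close();
            throw new IOException("proxy refused CONNECT: " + head);
        }
        return s;
    }

    // args: proxyHost proxyPort targetHost targetPort clientKeys.p12 trust.jks (placeholder file names)
    public static void main(String[] a) throws Exception {
        char[] keyPw = System.getenv("KEYSTORE_PASSWORD").toCharArray();     // hypothetical variable names
        char[] trustPw = System.getenv("TRUSTSTORE_PASSWORD").toCharArray();
        SSLContext ctx = context(load(a[4], "PKCS12", keyPw), keyPw, load(a[5], "JKS", trustPw));
        Socket raw = tunnel(a[0], Integer.parseInt(a[1]), a[2] + ":" + a[3]);
        SSLSocket ssl = (SSLSocket) ctx.getSocketFactory().createSocket(raw, a[2], Integer.parseInt(a[3]), true);
        ssl.startHandshake(); // a failure surfaces here with its real cause
        System.out.println("handshake ok, server: " + ssl.getSession().getPeerPrincipal());
        ssl.close();
    }
}
```

Running it with `-Djavax.net.debug=ssl` additionally prints the handshake messages, including whether the server requested a client certificate and which one was sent.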