You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Stefan Armbruster <ml...@armbruster-it.de> on 2006/07/26 20:26:11 UTC
SSL with self-signed cert and proxy
Hi,
I'm trying to access a remote site using a self-signed SSL certificate using a
locally installed debugging proxy (http://xk72.com/charles/). In order to
handle the self-signed SSL cert, I'm using EasySSLProtocolSocketFactory from
to contrib/ssl folder. My code so far:
HttpClient client = new HttpClient();
Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(),
443);
Protocol.registerProtocol("https", easyhttps);
HostConfiguration hostConfiguration = new HostConfiguration();
HostParams params = new HostParams();
params.setParameter("http.useragent", "Mozilla/4.0 (compatible; MSIE 6.0;
WINDOWS; .NET CLR 1.1.4322)");
params.setParameter("http.protocol.cookie-policy",
CookiePolicy.BROWSER_COMPATIBILITY);
hostConfiguration.setParams(params);
// hostConfiguration.setProxy("localhost", 8888); // this is the relevant
line
HttpState httpState = new HttpState();
HttpMethod method = new GetMethod("https://<host>/<path>");
client.executeMethod(hostConfiguration, method, httpState);
It works fine when accessing the remote site directly without the proxy. When
switching on proxy usage by removing the "//" in hostConfiguration.proxy, a
SSLHandshakeException occurs:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at
org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
This seems like the default SSL implementation is being used and not
EasySSLProtocolSocketFactory. Any hints on this?
BTW: I'm using HTTPClient 3.0.1 with Sun JDK 1.5.0_07.
Regards,
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org