You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by RossW <ro...@gmail.com> on 2007/04/03 07:23:18 UTC
SSL Site
Hiyas,
I hope you guys can help cause this one is driving me mad. Ok, so the good
news first, I can successfully connect my Java SWT App to a normal http site
which also has basic authent setup and i can extract stuff from the page.
When i try to do the same thing from a SSL or https site i get IO errors. I
appoligise for not putting the exact trace details in here but i am hoping
this isnt neccessary. The site has an unverifiable certificate (this cant
be changed) so i have had to setup a security manager to exept all
certificates verified or not. The docs on the apache site imply that i
should then be able to connect to it like it would a normal page but i have
found this isnt the case. The code i am using is not exactly designed for
Jakarta commons libs but it should still work shouldnt it ? This is the
code i have (i got the idea for this code from a site i cant recall the name
of sorry)
[code]
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[]
getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String
authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String
authType) {
}
}
};
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
e.getMessage();
}
HttpClient chester_client = new HttpClient();
[/code]
please help me!!
--
View this message in context: http://www.nabble.com/SSL-Site-tf3509897.html#a9803919
Sent from the HttpClient-User mailing list archive at Nabble.com.
Re: SSL Site
Posted by Roland Weber <os...@dubioso.net>.
Hello Ross,
> and also if i add a printstack trace i get
>
> java.net.ConnectException: Connection timed out: connect
> at java.net.PlainSocketImpl.socketConnect(Native Method)
> at java.net.PlainSocketImpl.doConnect(Unknown Source)
> ...........
Feel free to cut from a stack trace everything that is in
your code, but leave in the parts of the HttpClient code.
> I would like to put some of my code in here but what tags do i use so that
> it formats it in here as code. I tried to paste i in here but it wrapped it
> into a single block ie paragraph instead of line by line.
When sending plain text mails, they should arrive here in
the original formatting except for additional line breaks.
We can deal with that. It helps if your code is indented
using space characters instead of tabs.
cheers,
Roland
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL Site
Posted by RossW <ro...@gmail.com>.
Roland Weber-3 wrote:
>
>
> You can keep the details to yourself, no problem. But how about posting
> *anything* about the problem? Like an exception message and stack trace?
> Feel free to remove host names and the upper layers of the stack trace.
>
> cheers,
> Roland
>
>
Hi,
This is the message exception that i get
20/04/2007 12:48:23 org.apache.commons.httpclient.HttpMethodDirector
executeWithRetry
INFO: I/O exception (java.net.ConnectException) caught when processing
request: Connection timed out: connect
20/04/2007 12:48:23 org.apache.commons.httpclient.HttpMethodDirector
executeWithRetry
INFO: Retrying request
and also if i add a printstack trace i get
java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
...........
I would like to put some of my code in here but what tags do i use so that
it formats it in here as code. I tried to paste i in here but it wrapped it
into a single block ie paragraph instead of line by line.
Cheers.
--
View this message in context: http://www.nabble.com/SSL-Site-tf3509897.html#a10090662
Sent from the HttpClient-User mailing list archive at Nabble.com.
Re: SSL Site
Posted by Roland Weber <os...@dubioso.net>.
Hi Ross,
> I hope you guys can help cause this one is driving me mad. Ok, so the good
> news first, I can successfully connect my Java SWT App to a normal http site
> which also has basic authent setup and i can extract stuff from the page.
> When i try to do the same thing from a SSL or https site i get IO errors. I
> appoligise for not putting the exact trace details in here but i am hoping
> this isnt neccessary.
You can keep the details to yourself, no problem. But how about posting
*anything* about the problem? Like an exception message and stack trace?
Feel free to remove host names and the upper layers of the stack trace.
cheers,
Roland
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL Site
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2008-03-17 at 22:19 -0700, Ravichan wrote:
> Hi .. I followed your steps .
>
> I have downloaded the certificate & and stored as DER in local.
> Then I tried to execute the following command.
>
> keytool -keystore "C:\Program Files\Java\jdk1.6.0\jre\lib\security\cacerts"
> -import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts
>
> Its asking for a password. I am not sure , What password to supply.
>
changeit
Sometime Google really helps
Oleg
> Can you please suggest me.
>
>
>
> olegk wrote:
> >
> > On Wed, 2007-05-02 at 22:22 -0700, RossW wrote:
> >> ok cool...i fixed the problem. So first of all i had to connect through
> >> proxy first and then secondly i had to add the certificate to the
> >> keystore
> >> and then add the keystore as a property to code..now working fine. so
> >> here
> >> is the code which made all the difference.
> >>
> >> first i had to export the cert from the site...once logged in i just
> >> double
> >> clicked on the lock icon in IE (on the status bar down the bottom of IE
> >> when
> >> logged into the secure site)and then found and copy to file button. I
> >> saved
> >> it as a DER encrypted file to say c:\temp\certfile.cer and then using
> >> keytool as follows (keytool can be found in the JDK bin folder)
> >>
> >> keytool -keystore "C:\Program
> >> Files\Java\jdk1.6.0\jre\lib\security\cacerts"
> >> -import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts
> >>
> >> System.setProperty("javax.net.ssl.trustStore", "C:\\Program
> >> Files\\Java\\jdk1.6.0\\jre\\lib\\security\\cacerts");
> >>
> >> and now is working like a charm. I hope this comes in handy for someone
> >> else in future cuz this one really sucked.
> >>
> >
> > Ross
> >
> > You may consider using AuthSSLProtocolSocketFactory if you want to avoid
> > having to modify the cacerts file
> >
> > http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
> > http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup
> >
> > For details see
> >
> > http://jakarta.apache.org/commons/httpclient/sslguide.html
> >
> > Oleg
> >
> >>
> >> RossW wrote:
> >> >
> >> > ok now i am getting this...the change i made which was causing the prev
> >> > error was to connect via proxy first. Funny thing was that i was told
> >> > without any doubt that it was not proxied. Anyways now i am getting SSL
> >> > cert related errors
> >> >
> >> > javax.net.ssl.SSLHandshakeException:
> >> > sun.security.validator.ValidatorException: PKIX path building failed:
> >> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> >> find
> >> > valid certification path to requested target
> >> > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> >> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> >> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >> > at
> >> > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
> >> > Source)
> >> > at
> >> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
> >> > Source)
> >> > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> >> > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
> >> Source)
> >> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> >> Source)
> >> > at
> >> >
> >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> >> > Source)
> >> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown
> >> Source)
> >> > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
> >> > at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
> >> > at java.io.BufferedOutputStream.flush(Unknown Source)
> >> > at
> >> >
> >> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Unknown
> >> > Source)
> >> > at org.apache.commons.httpclient.HttpMethodBase.writeRequest(Unknown
> >> > Source)
> >> > at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown
> >> Source)
> >> > at
> >> >
> >> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown
> >> > Source)
> >> > at
> >> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown
> >> > Source)
> >> > at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown
> >> Source)
> >> > at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown
> >> Source)
> >> > at chester_japp.Chester_queue.record_proc(Chester_queue.java:129)
> >> > at chester_japp.Chester_queue.run(Chester_queue.java:382)
> >> > at java.lang.Thread.run(Unknown Source)
> >> > Caused by: sun.security.validator.ValidatorException: PKIX path
> >> building
> >> > failed: sun.security.provider.certpath.SunCertPathBuilderException:
> >> unable
> >> > to find valid certification path to requested target
> >> > at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> >> > at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> >> > at sun.security.validator.Validator.validate(Unknown Source)
> >> > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
> >> > Source)
> >> > at
> >> >
> >> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> >> > Source)
> >> > at
> >> >
> >> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> >> > Source)
> >> > ... 20 more
> >> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> >> > unable to find valid certification path to requested target
> >> > at
> >> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
> >> > Source)
> >> > at java.security.cert.CertPathBuilder.build(Unknown Source)
> >> > ... 26 more
> >> >
> >> > olegk wrote:
> >> >>
> >> >> On Tue, 2007-04-24 at 04:22 -0700, RossW wrote:
> >> >>>
> >> >>> >
> >> >>> > Ross,
> >> >>> >
> >> >>> > This appears to be some kind of connectivity problem. Is this an
> >> >>> > intranet or internet site? Can you establish a connection to that
> >> site
> >> >>> > using a browser?
> >> >>> >
> >> >>> > You do not explicitly set a connect timeout value, so JRE the
> >> default
> >> >>> > one applies. Try explicitly setting the connect timeout value to
> >> >>> > something like 10 min and see what happens.
> >> >>> >
> >> >>> > Oleg
> >> >>> >
> >> >>
> >> >> ...
> >> >>
> >> >>>
> >> >>> Hey thanks for the reply. It is an intranet site but i am able to
> >> >>> access it
> >> >>> ok when using my browser and the proxy server does not affect this
> >> site.
> >> >>> I
> >> >>> think i have tried setting the timeout for both the connection and
> >> the
> >> >>> socket to unlim and it was still failing. I suspect somehow it is
> >> >>> related
> >> >>> to the SSL but found it odd that i can connect to some SSL sites. A
> >> >>> friend
> >> >>> of mine wrote a similar program that uses HTTPCLIENT (the one written
> >> by
> >> >>> a
> >> >>> chinese group cant recall there name) and the code is similar and it
> >> >>> works
> >> >>> fine. I want to the apache one because i believe it will have more
> >> >>> ongoing
> >> >>> support.
> >> >>>
> >> >>> Thanks.
> >> >>
> >> >> Please note that for some JREs infinite connect timeout (zero value)
> >> >> effectively means the _default_ value, which may well be a finite
> >> >> number.
> >> >>
> >> >> Are you absolutely sure the browser is hitting the site directly and
> >> not
> >> >> through a proxy?
> >> >>
> >> >> Anyways, if this is an internal site, internal infrastructure staff
> >> are
> >> >> your best friends. They should be able to tell why connections time
> >> out.
> >> >>
> >> >> Oleg
> >> >>
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> >> >> For additional commands, e-mail:
> >> httpclient-user-help@jakarta.apache.org
> >> >>
> >> >>
> >> >>
> >> >
> >> >
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >
> >
> >
>
> --
> View this message in context: http://www.nabble.com/SSL-Site-tp9803919p16114444.html
> Sent from the HttpClient-User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: SSL Site
Posted by Ravichan <ra...@gmail.com>.
Hi .. I followed your steps .
I have downloaded the certificate & and stored as DER in local.
Then I tried to execute the following command.
keytool -keystore "C:\Program Files\Java\jdk1.6.0\jre\lib\security\cacerts"
-import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts
Its asking for a password. I am not sure , What password to supply.
Can you please suggest me.
olegk wrote:
>
> On Wed, 2007-05-02 at 22:22 -0700, RossW wrote:
>> ok cool...i fixed the problem. So first of all i had to connect through
>> proxy first and then secondly i had to add the certificate to the
>> keystore
>> and then add the keystore as a property to code..now working fine. so
>> here
>> is the code which made all the difference.
>>
>> first i had to export the cert from the site...once logged in i just
>> double
>> clicked on the lock icon in IE (on the status bar down the bottom of IE
>> when
>> logged into the secure site)and then found and copy to file button. I
>> saved
>> it as a DER encrypted file to say c:\temp\certfile.cer and then using
>> keytool as follows (keytool can be found in the JDK bin folder)
>>
>> keytool -keystore "C:\Program
>> Files\Java\jdk1.6.0\jre\lib\security\cacerts"
>> -import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts
>>
>> System.setProperty("javax.net.ssl.trustStore", "C:\\Program
>> Files\\Java\\jdk1.6.0\\jre\\lib\\security\\cacerts");
>>
>> and now is working like a charm. I hope this comes in handy for someone
>> else in future cuz this one really sucked.
>>
>
> Ross
>
> You may consider using AuthSSLProtocolSocketFactory if you want to avoid
> having to modify the cacerts file
>
> http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
> http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup
>
> For details see
>
> http://jakarta.apache.org/commons/httpclient/sslguide.html
>
> Oleg
>
>>
>> RossW wrote:
>> >
>> > ok now i am getting this...the change i made which was causing the prev
>> > error was to connect via proxy first. Funny thing was that i was told
>> > without any doubt that it was not proxied. Anyways now i am getting SSL
>> > cert related errors
>> >
>> > javax.net.ssl.SSLHandshakeException:
>> > sun.security.validator.ValidatorException: PKIX path building failed:
>> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
>> find
>> > valid certification path to requested target
>> > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
>> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>> > at
>> > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
>> > Source)
>> > at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
>> > Source)
>> > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
>> > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
>> Source)
>> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
>> Source)
>> > at
>> >
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
>> > Source)
>> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown
>> Source)
>> > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
>> > at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
>> > at java.io.BufferedOutputStream.flush(Unknown Source)
>> > at
>> >
>> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Unknown
>> > Source)
>> > at org.apache.commons.httpclient.HttpMethodBase.writeRequest(Unknown
>> > Source)
>> > at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown
>> Source)
>> > at
>> >
>> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown
>> > Source)
>> > at
>> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown
>> > Source)
>> > at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown
>> Source)
>> > at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown
>> Source)
>> > at chester_japp.Chester_queue.record_proc(Chester_queue.java:129)
>> > at chester_japp.Chester_queue.run(Chester_queue.java:382)
>> > at java.lang.Thread.run(Unknown Source)
>> > Caused by: sun.security.validator.ValidatorException: PKIX path
>> building
>> > failed: sun.security.provider.certpath.SunCertPathBuilderException:
>> unable
>> > to find valid certification path to requested target
>> > at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
>> > at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
>> > at sun.security.validator.Validator.validate(Unknown Source)
>> > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
>> > Source)
>> > at
>> >
>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
>> > Source)
>> > at
>> >
>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
>> > Source)
>> > ... 20 more
>> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>> > unable to find valid certification path to requested target
>> > at
>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
>> > Source)
>> > at java.security.cert.CertPathBuilder.build(Unknown Source)
>> > ... 26 more
>> >
>> > olegk wrote:
>> >>
>> >> On Tue, 2007-04-24 at 04:22 -0700, RossW wrote:
>> >>>
>> >>> >
>> >>> > Ross,
>> >>> >
>> >>> > This appears to be some kind of connectivity problem. Is this an
>> >>> > intranet or internet site? Can you establish a connection to that
>> site
>> >>> > using a browser?
>> >>> >
>> >>> > You do not explicitly set a connect timeout value, so JRE the
>> default
>> >>> > one applies. Try explicitly setting the connect timeout value to
>> >>> > something like 10 min and see what happens.
>> >>> >
>> >>> > Oleg
>> >>> >
>> >>
>> >> ...
>> >>
>> >>>
>> >>> Hey thanks for the reply. It is an intranet site but i am able to
>> >>> access it
>> >>> ok when using my browser and the proxy server does not affect this
>> site.
>> >>> I
>> >>> think i have tried setting the timeout for both the connection and
>> the
>> >>> socket to unlim and it was still failing. I suspect somehow it is
>> >>> related
>> >>> to the SSL but found it odd that i can connect to some SSL sites. A
>> >>> friend
>> >>> of mine wrote a similar program that uses HTTPCLIENT (the one written
>> by
>> >>> a
>> >>> chinese group cant recall there name) and the code is similar and it
>> >>> works
>> >>> fine. I want to the apache one because i believe it will have more
>> >>> ongoing
>> >>> support.
>> >>>
>> >>> Thanks.
>> >>
>> >> Please note that for some JREs infinite connect timeout (zero value)
>> >> effectively means the _default_ value, which may well be a finite
>> >> number.
>> >>
>> >> Are you absolutely sure the browser is hitting the site directly and
>> not
>> >> through a proxy?
>> >>
>> >> Anyways, if this is an internal site, internal infrastructure staff
>> are
>> >> your best friends. They should be able to tell why connections time
>> out.
>> >>
>> >> Oleg
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>> >> For additional commands, e-mail:
>> httpclient-user-help@jakarta.apache.org
>> >>
>> >>
>> >>
>> >
>> >
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/SSL-Site-tp9803919p16114444.html
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: SSL Site
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2007-05-02 at 22:22 -0700, RossW wrote:
> ok cool...i fixed the problem. So first of all i had to connect through
> proxy first and then secondly i had to add the certificate to the keystore
> and then add the keystore as a property to code..now working fine. so here
> is the code which made all the difference.
>
> first i had to export the cert from the site...once logged in i just double
> clicked on the lock icon in IE (on the status bar down the bottom of IE when
> logged into the secure site)and then found and copy to file button. I saved
> it as a DER encrypted file to say c:\temp\certfile.cer and then using
> keytool as follows (keytool can be found in the JDK bin folder)
>
> keytool -keystore "C:\Program Files\Java\jdk1.6.0\jre\lib\security\cacerts"
> -import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts
>
> System.setProperty("javax.net.ssl.trustStore", "C:\\Program
> Files\\Java\\jdk1.6.0\\jre\\lib\\security\\cacerts");
>
> and now is working like a charm. I hope this comes in handy for someone
> else in future cuz this one really sucked.
>
Ross
You may consider using AuthSSLProtocolSocketFactory if you want to avoid
having to modify the cacerts file
http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/
http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup
For details see
http://jakarta.apache.org/commons/httpclient/sslguide.html
Oleg
>
> RossW wrote:
> >
> > ok now i am getting this...the change i made which was causing the prev
> > error was to connect via proxy first. Funny thing was that i was told
> > without any doubt that it was not proxied. Anyways now i am getting SSL
> > cert related errors
> >
> > javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> > valid certification path to requested target
> > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> > at
> > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
> > Source)
> > at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
> > Source)
> > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> > at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> > Source)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
> > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
> > at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
> > at java.io.BufferedOutputStream.flush(Unknown Source)
> > at
> > org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Unknown
> > Source)
> > at org.apache.commons.httpclient.HttpMethodBase.writeRequest(Unknown
> > Source)
> > at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown Source)
> > at
> > org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown
> > Source)
> > at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown
> > Source)
> > at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
> > at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
> > at chester_japp.Chester_queue.record_proc(Chester_queue.java:129)
> > at chester_japp.Chester_queue.run(Chester_queue.java:382)
> > at java.lang.Thread.run(Unknown Source)
> > Caused by: sun.security.validator.ValidatorException: PKIX path building
> > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> > to find valid certification path to requested target
> > at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> > at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> > at sun.security.validator.Validator.validate(Unknown Source)
> > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
> > Source)
> > at
> > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> > Source)
> > at
> > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> > Source)
> > ... 20 more
> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> > unable to find valid certification path to requested target
> > at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
> > Source)
> > at java.security.cert.CertPathBuilder.build(Unknown Source)
> > ... 26 more
> >
> > olegk wrote:
> >>
> >> On Tue, 2007-04-24 at 04:22 -0700, RossW wrote:
> >>>
> >>> >
> >>> > Ross,
> >>> >
> >>> > This appears to be some kind of connectivity problem. Is this an
> >>> > intranet or internet site? Can you establish a connection to that site
> >>> > using a browser?
> >>> >
> >>> > You do not explicitly set a connect timeout value, so JRE the default
> >>> > one applies. Try explicitly setting the connect timeout value to
> >>> > something like 10 min and see what happens.
> >>> >
> >>> > Oleg
> >>> >
> >>
> >> ...
> >>
> >>>
> >>> Hey thanks for the reply. It is an intranet site but i am able to
> >>> access it
> >>> ok when using my browser and the proxy server does not affect this site.
> >>> I
> >>> think i have tried setting the timeout for both the connection and the
> >>> socket to unlim and it was still failing. I suspect somehow it is
> >>> related
> >>> to the SSL but found it odd that i can connect to some SSL sites. A
> >>> friend
> >>> of mine wrote a similar program that uses HTTPCLIENT (the one written by
> >>> a
> >>> chinese group cant recall there name) and the code is similar and it
> >>> works
> >>> fine. I want to the apache one because i believe it will have more
> >>> ongoing
> >>> support.
> >>>
> >>> Thanks.
> >>
> >> Please note that for some JREs infinite connect timeout (zero value)
> >> effectively means the _default_ value, which may well be a finite
> >> number.
> >>
> >> Are you absolutely sure the browser is hitting the site directly and not
> >> through a proxy?
> >>
> >> Anyways, if this is an internal site, internal infrastructure staff are
> >> your best friends. They should be able to tell why connections time out.
> >>
> >> Oleg
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> >> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >>
> >>
> >>
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL Site
Posted by RossW <ro...@gmail.com>.
ok cool...i fixed the problem. So first of all i had to connect through
proxy first and then secondly i had to add the certificate to the keystore
and then add the keystore as a property to code..now working fine. so here
is the code which made all the difference.
first i had to export the cert from the site...once logged in i just double
clicked on the lock icon in IE (on the status bar down the bottom of IE when
logged into the secure site)and then found and copy to file button. I saved
it as a DER encrypted file to say c:\temp\certfile.cer and then using
keytool as follows (keytool can be found in the JDK bin folder)
keytool -keystore "C:\Program Files\Java\jdk1.6.0\jre\lib\security\cacerts"
-import -alias mysecurestore -file C:\temp\certfile.cer -trustcacerts
System.setProperty("javax.net.ssl.trustStore", "C:\\Program
Files\\Java\\jdk1.6.0\\jre\\lib\\security\\cacerts");
and now is working like a charm. I hope this comes in handy for someone
else in future cuz this one really sucked.
RossW wrote:
>
> ok now i am getting this...the change i made which was causing the prev
> error was to connect via proxy first. Funny thing was that i was told
> without any doubt that it was not proxied. Anyways now i am getting SSL
> cert related errors
>
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
> Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
> Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
> at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
> at java.io.BufferedOutputStream.flush(Unknown Source)
> at
> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Unknown
> Source)
> at org.apache.commons.httpclient.HttpMethodBase.writeRequest(Unknown
> Source)
> at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown Source)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown
> Source)
> at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown
> Source)
> at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
> at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
> at chester_japp.Chester_queue.record_proc(Chester_queue.java:129)
> at chester_japp.Chester_queue.run(Chester_queue.java:382)
> at java.lang.Thread.run(Unknown Source)
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
> ... 20 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
> Source)
> at java.security.cert.CertPathBuilder.build(Unknown Source)
> ... 26 more
>
> olegk wrote:
>>
>> On Tue, 2007-04-24 at 04:22 -0700, RossW wrote:
>>>
>>> >
>>> > Ross,
>>> >
>>> > This appears to be some kind of connectivity problem. Is this an
>>> > intranet or internet site? Can you establish a connection to that site
>>> > using a browser?
>>> >
>>> > You do not explicitly set a connect timeout value, so JRE the default
>>> > one applies. Try explicitly setting the connect timeout value to
>>> > something like 10 min and see what happens.
>>> >
>>> > Oleg
>>> >
>>
>> ...
>>
>>>
>>> Hey thanks for the reply. It is an intranet site but i am able to
>>> access it
>>> ok when using my browser and the proxy server does not affect this site.
>>> I
>>> think i have tried setting the timeout for both the connection and the
>>> socket to unlim and it was still failing. I suspect somehow it is
>>> related
>>> to the SSL but found it odd that i can connect to some SSL sites. A
>>> friend
>>> of mine wrote a similar program that uses HTTPCLIENT (the one written by
>>> a
>>> chinese group cant recall there name) and the code is similar and it
>>> works
>>> fine. I want to the apache one because i believe it will have more
>>> ongoing
>>> support.
>>>
>>> Thanks.
>>
>> Please note that for some JREs infinite connect timeout (zero value)
>> effectively means the _default_ value, which may well be a finite
>> number.
>>
>> Are you absolutely sure the browser is hitting the site directly and not
>> through a proxy?
>>
>> Anyways, if this is an internal site, internal infrastructure staff are
>> your best friends. They should be able to tell why connections time out.
>>
>> Oleg
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/SSL-Site-tf3509897.html#a10299173
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL Site
Posted by RossW <ro...@gmail.com>.
ok now i am getting this...the change i made which was causing the prev error
was to connect via proxy first. Funny thing was that i was told without any
doubt that it was not proxied. Anyways now i am getting SSL cert related
errors
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at
org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Unknown
Source)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(Unknown
Source)
at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown Source)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown
Source)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown
Source)
at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
at chester_japp.Chester_queue.record_proc(Chester_queue.java:129)
at chester_japp.Chester_queue.run(Chester_queue.java:382)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 26 more
olegk wrote:
>
> On Tue, 2007-04-24 at 04:22 -0700, RossW wrote:
>>
>> >
>> > Ross,
>> >
>> > This appears to be some kind of connectivity problem. Is this an
>> > intranet or internet site? Can you establish a connection to that site
>> > using a browser?
>> >
>> > You do not explicitly set a connect timeout value, so JRE the default
>> > one applies. Try explicitly setting the connect timeout value to
>> > something like 10 min and see what happens.
>> >
>> > Oleg
>> >
>
> ...
>
>>
>> Hey thanks for the reply. It is an intranet site but i am able to access
>> it
>> ok when using my browser and the proxy server does not affect this site.
>> I
>> think i have tried setting the timeout for both the connection and the
>> socket to unlim and it was still failing. I suspect somehow it is
>> related
>> to the SSL but found it odd that i can connect to some SSL sites. A
>> friend
>> of mine wrote a similar program that uses HTTPCLIENT (the one written by
>> a
>> chinese group cant recall there name) and the code is similar and it
>> works
>> fine. I want to the apache one because i believe it will have more
>> ongoing
>> support.
>>
>> Thanks.
>
> Please note that for some JREs infinite connect timeout (zero value)
> effectively means the _default_ value, which may well be a finite
> number.
>
> Are you absolutely sure the browser is hitting the site directly and not
> through a proxy?
>
> Anyways, if this is an internal site, internal infrastructure staff are
> your best friends. They should be able to tell why connections time out.
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/SSL-Site-tf3509897.html#a10298380
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL Site
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2007-04-24 at 04:22 -0700, RossW wrote:
>
> >
> > Ross,
> >
> > This appears to be some kind of connectivity problem. Is this an
> > intranet or internet site? Can you establish a connection to that site
> > using a browser?
> >
> > You do not explicitly set a connect timeout value, so JRE the default
> > one applies. Try explicitly setting the connect timeout value to
> > something like 10 min and see what happens.
> >
> > Oleg
> >
...
>
> Hey thanks for the reply. It is an intranet site but i am able to access it
> ok when using my browser and the proxy server does not affect this site. I
> think i have tried setting the timeout for both the connection and the
> socket to unlim and it was still failing. I suspect somehow it is related
> to the SSL but found it odd that i can connect to some SSL sites. A friend
> of mine wrote a similar program that uses HTTPCLIENT (the one written by a
> chinese group cant recall there name) and the code is similar and it works
> fine. I want to the apache one because i believe it will have more ongoing
> support.
>
> Thanks.
Please note that for some JREs infinite connect timeout (zero value)
effectively means the _default_ value, which may well be a finite
number.
Are you absolutely sure the browser is hitting the site directly and not
through a proxy?
Anyways, if this is an internal site, internal infrastructure staff are
your best friends. They should be able to tell why connections time out.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL Site
Posted by RossW <ro...@gmail.com>.
olegk wrote:
>
> On Sun, 2007-04-22 at 17:04 -0700, RossW wrote:
>>
>> olegk wrote:
>> >
>> >
>> > Ross,
>> >
>> > (1) What is the version of JRE you are using?
>> >
>> > (2) Please post a _complete_ wire log of the HTTP session. Feel free to
>> > obfuscate whatever details you deem sensitive. The information given so
>> > far is simply not sufficient to identify the cause of the problem.
>> >
>> > Oleg
>> >
>> >
>> >>
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>> > For additional commands, e-mail:
>> httpclient-user-help@jakarta.apache.org
>> >
>> >
>> >
>>
>> Hi thanks for your help...Here is the output from the logging.
>>
>> <pre>
>> 2007/04/23 09:55:26:968 EST [DEBUG] HttpClient - Java version: 1.6.0
>> 2007/04/23 09:55:26:968 EST [DEBUG] HttpClient - Java vendor: Sun
>> Microsystems Inc.
>> 2007/04/23 09:55:26:968 EST [DEBUG] HttpClient - Java class path:
>> C:\Documents and Settings\User\Workspace\HTTPDApp;C:\Program
>> Files\eclipse\plugins\org.eclipse.swt.win32.win32.x86_3.2.2.v3235a.jar
>> 2007/04/23 09:55:26:984 EST [DEBUG] HttpClient - Operating system name:
>> Windows XP
>> 2007/04/23 09:55:26:984 EST [DEBUG] HttpClient - Operating system
>> architecture: x86
>> 2007/04/23 09:55:26:984 EST [DEBUG] HttpClient - Operating system
>> version:
>> 5.1
>> 2007/04/23 09:55:27:062 EST [DEBUG] HttpClient - SUN 1.6: SUN (DSA
>> key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
>> X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
>> CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy;
>> JavaLoginConfig Configuration)
>> 2007/04/23 09:55:27:062 EST [DEBUG] HttpClient - SunRsaSign 1.5: Sun RSA
>> signature provider
>> 2007/04/23 09:55:27:062 EST [DEBUG] HttpClient - SunJSSE 1.6: Sun JSSE
>> provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
>> 2007/04/23 09:55:27:078 EST [DEBUG] HttpClient - SunJCE 1.6: SunJCE
>> Provider
>> (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE,
>> Diffie-Hellman, HMAC)
>> 2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunJGSS 1.0: Sun
>> (Kerberos
>> v5, SPNEGO)
>> 2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunSASL 1.5: Sun SASL
>> provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL,
>> PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
>> 2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - XMLDSig 1.0: XMLDSig
>> (DOM
>> XMLSignatureFactory; DOM KeyInfoFactory)
>> 2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunPCSC 1.6: Sun PC/SC
>> provider
>> 2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunMSCAPI 1.6: Sun's
>> Microsoft Crypto API provider
>> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
>> http.useragent = Jakarta Commons-HttpClient/3.1-alpha1
>> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
>> http.protocol.version = HTTP/1.1
>> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
>> http.connection-manager.class = class
>> org.apache.commons.httpclient.SimpleHttpConnectionManager
>> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
>> http.protocol.cookie-policy = default
>> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
>> http.protocol.element-charset = US-ASCII
>> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
>> http.protocol.content-charset = ISO-8859-1
>> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
>> http.method.retry-handler =
>> org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@c3c315
>> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
>> http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE,
>> dd-MMM-yy
>> HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE,
>> dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy
>> HH:mm:ss
>> z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy
>> HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z,
>> EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
>> 2007/04/23 09:55:27:093 EST [DEBUG] HttpConnection - Open connection to
>> www.securesite.com:443
>> 2007/04/23 09:55:48:359 EST [DEBUG] HttpMethodDirector - Closing the
>> connection.
>> 2007/04/23 09:55:48:359 EST [INFO] HttpMethodDirector - I/O exception
>> (java.net.ConnectException) caught when processing request: Connection
>> timed
>> out: connect
>> 2007/04/23 09:55:48:359 EST [DEBUG] HttpMethodDirector - Connection timed
>> out: connect <java.net.ConnectException: Connection timed out:
>> connect>java.net.ConnectException: Connection timed out: connect
>> at java.net.PlainSocketImpl.socketConnect(Native Method)
>> at java.net.PlainSocketImpl.doConnect(Unknown Source)
>> at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
>> at java.net.PlainSocketImpl.connect(Unknown Source)
>> at java.net.SocksSocketImpl.connect(Unknown Source)
>> at java.net.Socket.connect(Unknown Source)
>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
>> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(Unknown Source)
>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(Unknown
>> Source)
>> at
>> org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(Unknown
>> Source)
>> at
>> org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(Unknown
>> Source)
>> at org.apache.commons.httpclient.HttpConnection.open(Unknown Source)
>> at
>> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown
>> Source)
>> at
>> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown
>> Source)
>> at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown
>> Source)
>> at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown
>> Source)
>>
>> <removed trace from here down>
>>
>> 2007/04/23 09:55:48:359 EST [INFO] HttpMethodDirector - Retrying request
>> 2007/04/23 09:55:48:359 EST [DEBUG] HttpConnection - Open connection to
>> www.securesite.com:443
>>
>> So just to add to this posting ill give your some info about what i am
>> trying to do again. I have a secure site with with basic authentication
>> that i need to access. I can get my app to access a non SSL site with
>> basic
>> authent without any probs but have been unable to do the same with a
>> particular intra network SSL site. Here is the code i have to deal with
>> the
>> certificates as well:
>>
>
> Ross,
>
> This appears to be some kind of connectivity problem. Is this an
> intranet or internet site? Can you establish a connection to that site
> using a browser?
>
> You do not explicitly set a connect timeout value, so JRE the default
> one applies. Try explicitly setting the connect timeout value to
> something like 10 min and see what happens.
>
> Oleg
>
>
>> TrustManager[] trustAllCerts = new TrustManager[]{
>> new X509TrustManager() {
>> public java.security.cert.X509Certificate[]
>> getAcceptedIssuers() {
>> return null;
>> }
>> public void checkClientTrusted(
>> java.security.cert.X509Certificate[] certs, String
>> authType) {
>> }
>> public void checkServerTrusted(
>> java.security.cert.X509Certificate[] certs, String
>> authType) {
>> }
>> }
>> };
>>
>> try {
>> SSLContext sc = SSLContext.getInstance("SSLv3");
>> sc.init(null, trustAllCerts, new java.security.SecureRandom());
>>
>> HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
>> } catch (Exception e) {
>>
>> e.getMessage();
>>
>> }
>>
>> </pre>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
>
Hey thanks for the reply. It is an intranet site but i am able to access it
ok when using my browser and the proxy server does not affect this site. I
think i have tried setting the timeout for both the connection and the
socket to unlim and it was still failing. I suspect somehow it is related
to the SSL but found it odd that i can connect to some SSL sites. A friend
of mine wrote a similar program that uses HTTPCLIENT (the one written by a
chinese group cant recall there name) and the code is similar and it works
fine. I want to the apache one because i believe it will have more ongoing
support.
Thanks.
--
View this message in context: http://www.nabble.com/SSL-Site-tf3509897.html#a10158787
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL Site
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Sun, 2007-04-22 at 17:04 -0700, RossW wrote:
>
> olegk wrote:
> >
> >
> > Ross,
> >
> > (1) What is the version of JRE you are using?
> >
> > (2) Please post a _complete_ wire log of the HTTP session. Feel free to
> > obfuscate whatever details you deem sensitive. The information given so
> > far is simply not sufficient to identify the cause of the problem.
> >
> > Oleg
> >
> >
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >
> >
> >
>
> Hi thanks for your help...Here is the output from the logging.
>
> <pre>
> 2007/04/23 09:55:26:968 EST [DEBUG] HttpClient - Java version: 1.6.0
> 2007/04/23 09:55:26:968 EST [DEBUG] HttpClient - Java vendor: Sun
> Microsystems Inc.
> 2007/04/23 09:55:26:968 EST [DEBUG] HttpClient - Java class path:
> C:\Documents and Settings\User\Workspace\HTTPDApp;C:\Program
> Files\eclipse\plugins\org.eclipse.swt.win32.win32.x86_3.2.2.v3235a.jar
> 2007/04/23 09:55:26:984 EST [DEBUG] HttpClient - Operating system name:
> Windows XP
> 2007/04/23 09:55:26:984 EST [DEBUG] HttpClient - Operating system
> architecture: x86
> 2007/04/23 09:55:26:984 EST [DEBUG] HttpClient - Operating system version:
> 5.1
> 2007/04/23 09:55:27:062 EST [DEBUG] HttpClient - SUN 1.6: SUN (DSA
> key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
> X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
> CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy;
> JavaLoginConfig Configuration)
> 2007/04/23 09:55:27:062 EST [DEBUG] HttpClient - SunRsaSign 1.5: Sun RSA
> signature provider
> 2007/04/23 09:55:27:062 EST [DEBUG] HttpClient - SunJSSE 1.6: Sun JSSE
> provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
> 2007/04/23 09:55:27:078 EST [DEBUG] HttpClient - SunJCE 1.6: SunJCE Provider
> (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE,
> Diffie-Hellman, HMAC)
> 2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunJGSS 1.0: Sun (Kerberos
> v5, SPNEGO)
> 2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunSASL 1.5: Sun SASL
> provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL,
> PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
> 2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - XMLDSig 1.0: XMLDSig (DOM
> XMLSignatureFactory; DOM KeyInfoFactory)
> 2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunPCSC 1.6: Sun PC/SC
> provider
> 2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunMSCAPI 1.6: Sun's
> Microsoft Crypto API provider
> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
> http.useragent = Jakarta Commons-HttpClient/3.1-alpha1
> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
> http.protocol.version = HTTP/1.1
> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
> http.connection-manager.class = class
> org.apache.commons.httpclient.SimpleHttpConnectionManager
> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
> http.protocol.cookie-policy = default
> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
> http.protocol.element-charset = US-ASCII
> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
> http.protocol.content-charset = ISO-8859-1
> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
> http.method.retry-handler =
> org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@c3c315
> 2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
> http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy
> HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE,
> dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss
> z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy
> HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z,
> EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
> 2007/04/23 09:55:27:093 EST [DEBUG] HttpConnection - Open connection to
> www.securesite.com:443
> 2007/04/23 09:55:48:359 EST [DEBUG] HttpMethodDirector - Closing the
> connection.
> 2007/04/23 09:55:48:359 EST [INFO] HttpMethodDirector - I/O exception
> (java.net.ConnectException) caught when processing request: Connection timed
> out: connect
> 2007/04/23 09:55:48:359 EST [DEBUG] HttpMethodDirector - Connection timed
> out: connect <java.net.ConnectException: Connection timed out:
> connect>java.net.ConnectException: Connection timed out: connect
> at java.net.PlainSocketImpl.socketConnect(Native Method)
> at java.net.PlainSocketImpl.doConnect(Unknown Source)
> at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
> at java.net.PlainSocketImpl.connect(Unknown Source)
> at java.net.SocksSocketImpl.connect(Unknown Source)
> at java.net.Socket.connect(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(Unknown
> Source)
> at
> org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(Unknown
> Source)
> at
> org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(Unknown
> Source)
> at org.apache.commons.httpclient.HttpConnection.open(Unknown Source)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown
> Source)
> at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown
> Source)
> at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
> at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
>
> <removed trace from here down>
>
> 2007/04/23 09:55:48:359 EST [INFO] HttpMethodDirector - Retrying request
> 2007/04/23 09:55:48:359 EST [DEBUG] HttpConnection - Open connection to
> www.securesite.com:443
>
> So just to add to this posting ill give your some info about what i am
> trying to do again. I have a secure site with with basic authentication
> that i need to access. I can get my app to access a non SSL site with basic
> authent without any probs but have been unable to do the same with a
> particular intra network SSL site. Here is the code i have to deal with the
> certificates as well:
>
Ross,
This appears to be some kind of connectivity problem. Is this an
intranet or internet site? Can you establish a connection to that site
using a browser?
You do not explicitly set a connect timeout value, so JRE the default
one applies. Try explicitly setting the connect timeout value to
something like 10 min and see what happens.
Oleg
> TrustManager[] trustAllCerts = new TrustManager[]{
> new X509TrustManager() {
> public java.security.cert.X509Certificate[]
> getAcceptedIssuers() {
> return null;
> }
> public void checkClientTrusted(
> java.security.cert.X509Certificate[] certs, String
> authType) {
> }
> public void checkServerTrusted(
> java.security.cert.X509Certificate[] certs, String
> authType) {
> }
> }
> };
>
> try {
> SSLContext sc = SSLContext.getInstance("SSLv3");
> sc.init(null, trustAllCerts, new java.security.SecureRandom());
>
> HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
> } catch (Exception e) {
>
> e.getMessage();
>
> }
>
> </pre>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL Site
Posted by RossW <ro...@gmail.com>.
olegk wrote:
>
>
> Ross,
>
> (1) What is the version of JRE you are using?
>
> (2) Please post a _complete_ wire log of the HTTP session. Feel free to
> obfuscate whatever details you deem sensitive. The information given so
> far is simply not sufficient to identify the cause of the problem.
>
> Oleg
>
>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
>
Hi thanks for your help...Here is the output from the logging.
<pre>
2007/04/23 09:55:26:968 EST [DEBUG] HttpClient - Java version: 1.6.0
2007/04/23 09:55:26:968 EST [DEBUG] HttpClient - Java vendor: Sun
Microsystems Inc.
2007/04/23 09:55:26:968 EST [DEBUG] HttpClient - Java class path:
C:\Documents and Settings\User\Workspace\HTTPDApp;C:\Program
Files\eclipse\plugins\org.eclipse.swt.win32.win32.x86_3.2.2.v3235a.jar
2007/04/23 09:55:26:984 EST [DEBUG] HttpClient - Operating system name:
Windows XP
2007/04/23 09:55:26:984 EST [DEBUG] HttpClient - Operating system
architecture: x86
2007/04/23 09:55:26:984 EST [DEBUG] HttpClient - Operating system version:
5.1
2007/04/23 09:55:27:062 EST [DEBUG] HttpClient - SUN 1.6: SUN (DSA
key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy;
JavaLoginConfig Configuration)
2007/04/23 09:55:27:062 EST [DEBUG] HttpClient - SunRsaSign 1.5: Sun RSA
signature provider
2007/04/23 09:55:27:062 EST [DEBUG] HttpClient - SunJSSE 1.6: Sun JSSE
provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
2007/04/23 09:55:27:078 EST [DEBUG] HttpClient - SunJCE 1.6: SunJCE Provider
(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE,
Diffie-Hellman, HMAC)
2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunJGSS 1.0: Sun (Kerberos
v5, SPNEGO)
2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunSASL 1.5: Sun SASL
provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL,
PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - XMLDSig 1.0: XMLDSig (DOM
XMLSignatureFactory; DOM KeyInfoFactory)
2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunPCSC 1.6: Sun PC/SC
provider
2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunMSCAPI 1.6: Sun's
Microsoft Crypto API provider
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.useragent = Jakarta Commons-HttpClient/3.1-alpha1
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.version = HTTP/1.1
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.connection-manager.class = class
org.apache.commons.httpclient.SimpleHttpConnectionManager
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.cookie-policy = default
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.element-charset = US-ASCII
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.content-charset = ISO-8859-1
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.method.retry-handler =
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@c3c315
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy
HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE,
dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss
z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy
HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z,
EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
2007/04/23 09:55:27:093 EST [DEBUG] HttpConnection - Open connection to
www.securesite.com:443
2007/04/23 09:55:48:359 EST [DEBUG] HttpMethodDirector - Closing the
connection.
2007/04/23 09:55:48:359 EST [INFO] HttpMethodDirector - I/O exception
(java.net.ConnectException) caught when processing request: Connection timed
out: connect
2007/04/23 09:55:48:359 EST [DEBUG] HttpMethodDirector - Connection timed
out: connect <java.net.ConnectException: Connection timed out:
connect>java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(Unknown
Source)
at
org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(Unknown
Source)
at
org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(Unknown
Source)
at org.apache.commons.httpclient.HttpConnection.open(Unknown Source)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown
Source)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown
Source)
at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
<removed trace from here down>
2007/04/23 09:55:48:359 EST [INFO] HttpMethodDirector - Retrying request
2007/04/23 09:55:48:359 EST [DEBUG] HttpConnection - Open connection to
www.securesite.com:443
So just to add to this posting ill give your some info about what i am
trying to do again. I have a secure site with with basic authentication
that i need to access. I can get my app to access a non SSL site with basic
authent without any probs but have been unable to do the same with a
particular intra network SSL site. Here is the code i have to deal with the
certificates as well:
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[]
getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String
authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String
authType) {
}
}
};
try {
SSLContext sc = SSLContext.getInstance("SSLv3");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
e.getMessage();
}
</pre>
--
View this message in context: http://www.nabble.com/SSL-Site-tf3509897.html#a10129216
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL Site
Posted by RossW <ro...@gmail.com>.
olegk wrote:
>
>
> Ross,
>
> (1) What is the version of JRE you are using?
>
> (2) Please post a _complete_ wire log of the HTTP session. Feel free to
> obfuscate whatever details you deem sensitive. The information given so
> far is simply not sufficient to identify the cause of the problem.
>
> Oleg
>
>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
>
Hi thanks for your help...Here is the output from the logging.
<pre>
2007/04/23 09:55:26:968 EST [DEBUG] HttpClient - Java version: 1.6.0
2007/04/23 09:55:26:968 EST [DEBUG] HttpClient - Java vendor: Sun
Microsystems Inc.
2007/04/23 09:55:26:968 EST [DEBUG] HttpClient - Java class path:
C:\Documents and Settings\User\Workspace\HTTPDApp;C:\Program
Files\eclipse\plugins\org.eclipse.swt.win32.win32.x86_3.2.2.v3235a.jar
2007/04/23 09:55:26:984 EST [DEBUG] HttpClient - Operating system name:
Windows XP
2007/04/23 09:55:26:984 EST [DEBUG] HttpClient - Operating system
architecture: x86
2007/04/23 09:55:26:984 EST [DEBUG] HttpClient - Operating system version:
5.1
2007/04/23 09:55:27:062 EST [DEBUG] HttpClient - SUN 1.6: SUN (DSA
key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy;
JavaLoginConfig Configuration)
2007/04/23 09:55:27:062 EST [DEBUG] HttpClient - SunRsaSign 1.5: Sun RSA
signature provider
2007/04/23 09:55:27:062 EST [DEBUG] HttpClient - SunJSSE 1.6: Sun JSSE
provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
2007/04/23 09:55:27:078 EST [DEBUG] HttpClient - SunJCE 1.6: SunJCE Provider
(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE,
Diffie-Hellman, HMAC)
2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunJGSS 1.0: Sun (Kerberos
v5, SPNEGO)
2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunSASL 1.5: Sun SASL
provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL,
PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - XMLDSig 1.0: XMLDSig (DOM
XMLSignatureFactory; DOM KeyInfoFactory)
2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunPCSC 1.6: Sun PC/SC
provider
2007/04/23 09:55:27:093 EST [DEBUG] HttpClient - SunMSCAPI 1.6: Sun's
Microsoft Crypto API provider
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.useragent = Jakarta Commons-HttpClient/3.1-alpha1
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.version = HTTP/1.1
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.connection-manager.class = class
org.apache.commons.httpclient.SimpleHttpConnectionManager
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.cookie-policy = default
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.element-charset = US-ASCII
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.content-charset = ISO-8859-1
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.method.retry-handler =
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@c3c315
2007/04/23 09:55:27:093 EST [DEBUG] DefaultHttpParams - Set parameter
http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy
HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE,
dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss
z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy
HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z,
EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
2007/04/23 09:55:27:093 EST [DEBUG] HttpConnection - Open connection to
www.securesite.com:443
2007/04/23 09:55:48:359 EST [DEBUG] HttpMethodDirector - Closing the
connection.
2007/04/23 09:55:48:359 EST [INFO] HttpMethodDirector - I/O exception
(java.net.ConnectException) caught when processing request: Connection timed
out: connect
2007/04/23 09:55:48:359 EST [DEBUG] HttpMethodDirector - Connection timed
out: connect <java.net.ConnectException: Connection timed out:
connect>java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(Unknown
Source)
at
org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(Unknown
Source)
at
org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(Unknown
Source)
at org.apache.commons.httpclient.HttpConnection.open(Unknown Source)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown
Source)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown
Source)
at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
<removed trace from here down>
2007/04/23 09:55:48:359 EST [INFO] HttpMethodDirector - Retrying request
2007/04/23 09:55:48:359 EST [DEBUG] HttpConnection - Open connection to
www.securesite.com:443
</pre>
--
View this message in context: http://www.nabble.com/SSL-Site-tf3509897.html#a10129216
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL Site
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, 2007-04-19 at 22:33 -0700, RossW wrote:
>
>
> Hi,
>
> I think i have found the problem...kind of...i dont think it is with SSL
> now...i think it is with the authentication. I tried another SSL site that
> doesnt need authent to access it and it worked fine. Here is my code:
>
> HttpClient client = new HttpClient();
>
> client.getParams().setParameter("http.useragent", "Mozilla/4.0
> (compatible; MSIE 5.5; Windows NT 5.0)");
>
> client.getParams().setParameter("http.connection.timeout", 0);
> client.getParams().setParameter("http.socket.timeout", 0);
>
> HostConfiguration host = client.getHostConfiguration();
>
> try{
> host.setHost(new URI("https://www.securesite.com", true));
> }
> catch(Exception e)
> {
>
> }
>
> client.getState().setCredentials(
> new AuthScope("www.securesite.com", 443, null),
> new UsernamePasswordCredentials("uname", "passwd")
> );
>
>
> client.getParams().setAuthenticationPreemptive(true);
>
> GetMethod get = new GetMethod("/");
>
> get.getParams().setParameter("http.useragent","Mozilla/4.0
> (compatible; MSIE 5.5; Windows NT 5.0)");
> get.getParams().setParameter("http.connection.timeout",new
> Integer(0));
> get.getParams().setParameter("http.socket.timeout", new
> Integer(0));
>
>
> System.err.println("Authorization required by server");
>
> get.setDoAuthentication( true );
>
>
> try {
>
> int statusCode = client.executeMethod(host, get);
>
> System.out.println(get.getResponseBodyAsString());
>
> }
> catch(IOException e)
> {
> e.printStackTrace();
> }
> finally {
>
> get.releaseConnection();
> }
>
> And this is the response i get:
>
> 20/04/2007 15:28:48 org.apache.commons.httpclient.HttpMethodDirector
> executeWithRetry
> INFO: I/O exception (java.net.ConnectException) caught when processing
> request: Connection timed out: connect
> 20/04/2007 15:28:48 org.apache.commons.httpclient.HttpMethodDirector
> executeWithRetry
> INFO: Retrying request
>
> java.net.ConnectException: Connection timed out: connect
> at java.net.PlainSocketImpl.socketConnect(Native Method)
> at java.net.PlainSocketImpl.doConnect(Unknown Source)
>
Ross,
(1) What is the version of JRE you are using?
(2) Please post a _complete_ wire log of the HTTP session. Feel free to
obfuscate whatever details you deem sensitive. The information given so
far is simply not sufficient to identify the cause of the problem.
Oleg
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL Site
Posted by RossW <ro...@gmail.com>.
Hi,
I think i have found the problem...kind of...i dont think it is with SSL
now...i think it is with the authentication. I tried another SSL site that
doesnt need authent to access it and it worked fine. Here is my code:
HttpClient client = new HttpClient();
client.getParams().setParameter("http.useragent", "Mozilla/4.0
(compatible; MSIE 5.5; Windows NT 5.0)");
client.getParams().setParameter("http.connection.timeout", 0);
client.getParams().setParameter("http.socket.timeout", 0);
HostConfiguration host = client.getHostConfiguration();
try{
host.setHost(new URI("https://www.securesite.com", true));
}
catch(Exception e)
{
}
client.getState().setCredentials(
new AuthScope("www.securesite.com", 443, null),
new UsernamePasswordCredentials("uname", "passwd")
);
client.getParams().setAuthenticationPreemptive(true);
GetMethod get = new GetMethod("/");
get.getParams().setParameter("http.useragent","Mozilla/4.0
(compatible; MSIE 5.5; Windows NT 5.0)");
get.getParams().setParameter("http.connection.timeout",new
Integer(0));
get.getParams().setParameter("http.socket.timeout", new
Integer(0));
System.err.println("Authorization required by server");
get.setDoAuthentication( true );
try {
int statusCode = client.executeMethod(host, get);
System.out.println(get.getResponseBodyAsString());
}
catch(IOException e)
{
e.printStackTrace();
}
finally {
get.releaseConnection();
}
And this is the response i get:
20/04/2007 15:28:48 org.apache.commons.httpclient.HttpMethodDirector
executeWithRetry
INFO: I/O exception (java.net.ConnectException) caught when processing
request: Connection timed out: connect
20/04/2007 15:28:48 org.apache.commons.httpclient.HttpMethodDirector
executeWithRetry
INFO: Retrying request
java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
--
View this message in context: http://www.nabble.com/SSL-Site-tf3509897.html#a10091683
Sent from the HttpClient-User mailing list archive at Nabble.com.