You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2013/03/09 12:45:12 UTC
[jira] [Commented] (HTTPCLIENT-1320)
SSLSocketFactory.createSystemSSLContext causes
java.security.UnrecoverableKeyException: Password verification failed
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13597905#comment-13597905 ]
Oleg Kalnichevski commented on HTTPCLIENT-1320:
-----------------------------------------------
I made some changes to the way default SSL contexts are created and initialized. Instead of using an internal custom routine HttpClient 4.2.x and 4.3 now leverage javax.net.ssl.SSLSocketFactory#getDefault() to create a socket factory with a SSL context based on system properties.
Please review / re-test.
Oleg
> SSLSocketFactory.createSystemSSLContext causes java.security.UnrecoverableKeyException: Password verification failed
> --------------------------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1320
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1320
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.2.2, 4.2.3, 4.2.4, 4.3 Alpha1, 4.3 Alpha2, 4.3 Final
> Environment: Java System Property javax.net.ssl.trustStore is set, but javax.net.ssl.trustStorePassword is not.
> Reporter: Abe Backus
> Fix For: 4.2.4, 4.3 Alpha2
>
> Attachments: HTTPCLIENT_1320.java, HTTPCLIENT-1320.patch
>
>
> When the Java System property "javax.net.ssl.trustStore" is specified, but "javax.net.ssl.trustStorePassword" is not, requests are encountering the exception listed below. This is reproducible in version 4.2.1 and looking at the relevant code, it should also be reproducible in all other versions as well.
> This appears to be fixed if the password value for loading the keystore falls back to *null* instead of the empty string. I'm not sure if this problem also exists with the "javax.net.ssl.keyStore" logic as well, but I suspect it does.
> The workaround is to set the "javax.net.ssl.trustStorePassword" appropriately, assuming that you know the correct value.
> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
> at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
> at java.security.KeyStore.load(KeyStore.java:1185)
> at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
> at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
> ... 37 more
> Caused by: java.security.UnrecoverableKeyException: Password verification failed
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
> ... 41 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org