You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "KOTA, KUMAR (SBCSI)" <kk...@sbc.com> on 2004/12/10 04:47:54 UTC
SSLHandshakeException
Hi,
I am having a problem connecting through httpclient using https.
Basically, I am getting a SSLHandshakeException: unknown certificate
error. I tried making my own SSLProtocolFactory and registering it
(using Protocol.register) and in this new factory I tried to use the
ibmjsse.jar methods to help create the socket that HttpClient will
eventually take and use for communication, but that still gives me a
SSLHandshakeException (even though using the ibmjsse methods to
establish a connection, without using httpclient, works). Here is the
exception and bits of my code below and I was wondering if anyone had
any ideas regarding this issue?
=========Exception====================================================
Exception blockjavax.net.ssl.SSLHandshakeException: unknown certificate
at com.ibm.jsse.be.a(Unknown Source)
at com.ibm.jsse.b.a(Unknown Source)
at com.ibm.jsse.b.write(Unknown Source)
at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java(Inlin
ed Compiled Code))
at
java.io.BufferedOutputStream.flush(BufferedOutputStream.java(Compiled
Code))
at
org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Ht
tpConnection.java:785)
at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase
.java:1926)
at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java
:1008)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMe
thodDirector.java:392)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMetho
dDirector.java:178)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:4
37)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:3
24)
==========Main
Code=========================================================
Protocol authhttps = new Protocol("https",
new SSLProtocolSocketUtil(), 445);
Protocol.registerProtocol("https", authhttps);
// Create an instance of HttpClient.
HttpClient client = new HttpClient();
//Setting timeout
client.setTimeout(timeoutVal);
// Create a method instance.
GetMethod method = new GetMethod(sURLString);
// Execute the method.
int statusCode = client.executeMethod(method);
========SSLProtocolSocketUtil()=====================================
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import
org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.ibm.jsse.JSSESocketFactory;
import com.ibm.jsse.SSLContext;
import com.ibm.net.ssl.internal.www.protocol.https.HttpsURLConnection;
public class SSLProtocolSocketUtil implements
SecureProtocolSocketFactory {
/** Log object for this class. */
private static final Log LOG =
LogFactory.getLog(AuthSSLProtocolSocketFactory.class);
private static final String sClassName = "IBMConnectionUtil";
private static SSLContext context = null;
//private static SSLSocketFactory sslSocketFactory = null;
private static JSSESocketFactory sslSocketFactory = null;
private static SecureRandom secureRandom = null;
public SSLProtocolSocketUtil()
{
super();
}
//public static SSLSocketFactory getConnection(String url, TAPInfo
oTAPInfo) throws IOException{
public static JSSESocketFactory getConnection() throws
IOException{
URL secureURL = null;
HttpsURLConnection secureConn = null;
if (!initialized()) {
initialize();
}
return getSocketFactory();
}
private static boolean initialized() {
// Synchronized with the initialize() function.
synchronized (sClassName + ".initialize") {
return secureRandom != null;
}
}
private static void initialize() {
synchronized (sClassName + ".initialize") {
Security.addProvider(new
com.ibm.jsse.IBMJSSEProvider());
System.setProperty("java.protocol.handler.pkgs",
"com.ibm.net.ssl.internal.www.protocol");
if (secureRandom == null) {
secureRandom = new SecureRandom();
}
}
}
private static JSSESocketFactory getSocketFactory(){
try{
if (sslSocketFactory == null) {
secureRandom.nextInt();
context = (SSLContext)
SSLContext.getInstance("SSL");
// Initialize the SSL Context
//context.init(keyManFactory.getKeyManagers(),
trustManFactory.getTrustManagers(), secureRandom);
// Retrieve the socket factory
sslSocketFactory = (JSSESocketFactory)
context.getSocketFactory();
}
} catch (NoSuchAlgorithmException nsae) {
nsae.printStackTrace();
}
return sslSocketFactory;
}
public Socket createSocket(String host, int port)
throws IOException, UnknownHostException
{
/*return getSSLContext().getSocketFactory().createSocket(
host,
port
);*/
return getConnection().createSocket(host,port);
}
Any help on this would be great.
Thank you,
Kumar Kota
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
Connection Reset Exception while downloading Huge files
Posted by IndianAtTech <in...@gmail.com>.
Hi All,
When I am trying to download the files, I get following exception. How
can I get rid from this exception??
I tied to set the Maximum connection timeout value also. But didn't get worked
Thanks
[java] read error: Connection reset
[java] java.net.SocketException: Connection reset by peer: socket write
r
[java] at java.net.SocketOutputStream.socketWrite0(Native Method)
[java] at java.net.SocketOutputStream.socketWrite(SocketOutputStream
a:92)
[java] at java.net.SocketOutputStream.write(SocketOutputStream.java:
[java] at org.apache.commons.httpclient.HttpConnection$WrappedOutput
am.write(HttpConnection.java:1368)
[java] at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStr
java:69)
[java] at java.io.BufferedOutputStream.flush(BufferedOutputStream.ja
27)
[java] at org.apache.commons.httpclient.HttpConnection.flushRequestO
tStream(HttpConnection.java:799)
[java] at org.apache.commons.httpclient.HttpMethodBase.writeRequest(
MethodBase.java:2277)
[java] at org.apache.commons.httpclient.HttpMethodBase.processReques
tpMethodBase.java:2657)
[java] at org.apache.commons.httpclient.HttpMethodBase.execute(HttpM
dBase.java:1093)
[java] at org.apache.commons.httpclient.HttpClient.executeMethod(Htt
ent.java:674)
[java] at org.apache.commons.httpclient.HttpClient.executeMethod(Htt
ent.java:529)
[java] at org.prithvi.docparser.microsoft.msexchange.SaveAttachment.
load(SaveAttachment.java:154)
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
Re: SSLHandshakeException
Posted by Oleg Kalnichevski <ol...@apache.org>.
Kumar,
This problem has nothing to do with neither HttpClient nor IBM JSSE.
Basically the certificate sent by the server is not trusted by the
client. There are two ways of solving the problem:
(1) Easy one: trust any certificate
http://cvs.apache.org/viewcvs.cgi/jakarta-
commons/httpclient/src/contrib/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java?rev=1.2.2.2&only_with_tag=HTTPCLIENT_2_0_BRANCH&view=markup
(2) right one: trust only specific server certificates
http://cvs.apache.org/viewcvs.cgi/jakarta-
commons/httpclient/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?rev=1.1.2.1&only_with_tag=HTTPCLIENT_2_0_BRANCH&view=markup
For detailed info on the problem please refer to the HttpClient SSL
guide and the JSSE documentation
Hope this helps
Oleg
On Thu, 2004-12-09 at 19:47 -0800, KOTA, KUMAR (SBCSI) wrote:
> Hi,
>
> I am having a problem connecting through httpclient using https.
> Basically, I am getting a SSLHandshakeException: unknown certificate
> error. I tried making my own SSLProtocolFactory and registering it
> (using Protocol.register) and in this new factory I tried to use the
> ibmjsse.jar methods to help create the socket that HttpClient will
> eventually take and use for communication, but that still gives me a
> SSLHandshakeException (even though using the ibmjsse methods to
> establish a connection, without using httpclient, works). Here is the
> exception and bits of my code below and I was wondering if anyone had
> any ideas regarding this issue?
>
> =========Exception====================================================
>
> Exception blockjavax.net.ssl.SSLHandshakeException: unknown certificate
> at com.ibm.jsse.be.a(Unknown Source)
> at com.ibm.jsse.b.a(Unknown Source)
> at com.ibm.jsse.b.write(Unknown Source)
> at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java(Inlin
> ed Compiled Code))
> at
> java.io.BufferedOutputStream.flush(BufferedOutputStream.java(Compiled
> Code))
> at
> org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Ht
> tpConnection.java:785)
> at
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase
> .java:1926)
> at
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java
> :1008)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMe
> thodDirector.java:392)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMetho
> dDirector.java:178)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:4
> 37)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:3
> 24)
>
> ==========Main
> Code=========================================================
>
> Protocol authhttps = new Protocol("https",
> new SSLProtocolSocketUtil(), 445);
> Protocol.registerProtocol("https", authhttps);
>
> // Create an instance of HttpClient.
> HttpClient client = new HttpClient();
>
> //Setting timeout
> client.setTimeout(timeoutVal);
>
> // Create a method instance.
> GetMethod method = new GetMethod(sURLString);
>
> // Execute the method.
> int statusCode = client.executeMethod(method);
>
>
> ========SSLProtocolSocketUtil()=====================================
> import java.io.IOException;
> import java.net.InetAddress;
> import java.net.Socket;
> import java.net.URL;
> import java.net.UnknownHostException;
> import java.security.NoSuchAlgorithmException;
> import java.security.SecureRandom;
> import java.security.Security;
>
> import org.apache.commons.httpclient.params.HttpConnectionParams;
> import
> org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
> import org.apache.commons.logging.Log;
> import org.apache.commons.logging.LogFactory;
>
> import com.ibm.jsse.JSSESocketFactory;
> import com.ibm.jsse.SSLContext;
> import com.ibm.net.ssl.internal.www.protocol.https.HttpsURLConnection;
>
>
> public class SSLProtocolSocketUtil implements
> SecureProtocolSocketFactory {
>
> /** Log object for this class. */
> private static final Log LOG =
> LogFactory.getLog(AuthSSLProtocolSocketFactory.class);
>
> private static final String sClassName = "IBMConnectionUtil";
>
> private static SSLContext context = null;
> //private static SSLSocketFactory sslSocketFactory = null;
> private static JSSESocketFactory sslSocketFactory = null;
> private static SecureRandom secureRandom = null;
>
> public SSLProtocolSocketUtil()
> {
> super();
> }
>
> //public static SSLSocketFactory getConnection(String url, TAPInfo
> oTAPInfo) throws IOException{
> public static JSSESocketFactory getConnection() throws
> IOException{
>
> URL secureURL = null;
> HttpsURLConnection secureConn = null;
>
> if (!initialized()) {
> initialize();
> }
>
> return getSocketFactory();
> }
>
> private static boolean initialized() {
> // Synchronized with the initialize() function.
> synchronized (sClassName + ".initialize") {
> return secureRandom != null;
> }
> }
>
> private static void initialize() {
> synchronized (sClassName + ".initialize") {
> Security.addProvider(new
> com.ibm.jsse.IBMJSSEProvider());
> System.setProperty("java.protocol.handler.pkgs",
> "com.ibm.net.ssl.internal.www.protocol");
>
> if (secureRandom == null) {
> secureRandom = new SecureRandom();
> }
> }
> }
>
> private static JSSESocketFactory getSocketFactory(){
> try{
> if (sslSocketFactory == null) {
>
> secureRandom.nextInt();
> context = (SSLContext)
> SSLContext.getInstance("SSL");
>
> // Initialize the SSL Context
>
> //context.init(keyManFactory.getKeyManagers(),
> trustManFactory.getTrustManagers(), secureRandom);
>
> // Retrieve the socket factory
> sslSocketFactory = (JSSESocketFactory)
> context.getSocketFactory();
> }
> } catch (NoSuchAlgorithmException nsae) {
> nsae.printStackTrace();
> }
>
> return sslSocketFactory;
> }
>
> public Socket createSocket(String host, int port)
> throws IOException, UnknownHostException
> {
> /*return getSSLContext().getSocketFactory().createSocket(
> host,
> port
> );*/
>
> return getConnection().createSocket(host,port);
> }
>
> Any help on this would be great.
>
> Thank you,
> Kumar Kota
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org