You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Christiaan Lamprecht <ch...@googlemail.com> on 2008/02/11 18:51:47 UTC
Re: MTHCM Connection Pool re-use
Thanks,
Seems like my assertion;
> > Re-using a connection means re-using the SSL session associated with
> > it. I need to create a new session for each client (i.e for each
> > thread)
.. was only partly true at best. It seems that a new SSL session is
created for every instance of the ProtocolSocketFactory.
So if in the main thread I do;
Protocol.registerProtocol("https", new Protocol("https",
(ProtocolSocketFactory)new EasySSLProtocolSocketFactory(), 8085));
and in each of the spawned threads; (using the MTHCM of course)
hostConfig.setHost("https://mega01.ac.uk/index.html", 8085, "https");
everything works fine. But I would like a new instance of the Protocol
per thread in order to have multiple SSL sessions. So if I remove
Protocol.registerProtocol(...) from the main thread and do;
hostConfig.setHost("https://mega01.ac.uk/index.html", 8085, new
Protocol("https", (ProtocolSocketFactory)new
EasySSLProtocolSocketFactory(), 8085));
in the threads instead, and execute the method on that host instead, I
get the following error:
Fatal transport error: sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at HttpConnectionAdapter.flushRequestOutputStream(HttpConnectionAdapter.java:433)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.FluxHttpMethodDirector.executeWithRetry(FluxHttpMethodDirector.java:402)
at org.apache.commons.httpclient.FluxHttpMethodDirector.executeMethod(FluxHttpMethodDirector.java:174)
at SessionThread.executeMethod(SessionThread.java:250)
at SessionThread.run(SessionThread.java:116)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
at java.lang.Thread.run(Thread.java:595)
Caused by: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 25 more
Since it works in the first case and not the second I assume I forgot
to initialise something somewhere?
Thanks again
Christiaan
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: MTHCM Connection Pool re-use
Posted by Christiaan Lamprecht <ch...@googlemail.com>.
Just in case anyone stumbles on the same problem:
Solution is here:
http://www.mail-archive.com/httpclient-user@jakarta.apache.org/msg01028.html
Also;
> hostConfig.setHost("https://mega01.ac.uk/index.html", 8085, new
> Protocol("https", (ProtocolSocketFactory)new
> EasySSLProtocolSocketFactory(), 8085));
>
> in the threads instead, and execute the method on that host instead, I
> get the following error:
also remove https before mega01:
hostConfig.setHost("https://mega01.ac.uk/index.html", .....);
In regard to the first question I did the following (there can of
course be a better solution...)
MTHCM does a very good job at reusing connections for a particular
host configuration, and therefore for a particular PC. The main
concept was to extend HostConfiguration with a unique id to allow
multiple HostConfigurations per target machine, which in turn meant
there could be a unique pool and SSL session for each
HostConfiguration. Also made a few++ other changes.
Thanks again for all the help
Christiaan
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org