On Wed, 2003-11-12 at 17:24, Aaron Williams wrote: > I've also recently been getting this error and was hoping someone could > shed some light on it. > > We're using the RC2 version of HttpClient and our JDK versions are all > 1.4 or greater. The client we are connecting to seems to have a > Verisign certificate. Initially our client worked, but we later began > getting the SSLHandshakeException. This occurred with no changes on the > client side. >
Aaron, it all sounds a bit fishy to me. To my best knowledge SSLHandshakeException (Could not find the trusted certificate) thrown only in case of the target server's certificate having been signed with a untrusted certificate. This is highly improbable that a certificate would once of a sudden become untrusted (As far as I know JSSE does not currently provide support for certificate revocation lists). So, the problem could possibly indicate one of those: - corruption of local certificate store (not impossible, but unlikely) - the server certificate signed with a trusted root certificate has been replaced with a self signed certificate. In the latter case the EasySSLProtocolSocketFactory should do the trick. However, I would encourage you not to copy in blindly, but rather take it as a starting point and customise its functionality to better match the requirements of your particular application. Hope this helps somewhat Oleg > We do have the lines > > Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); > host.setHost(hostname, port, "https"); > client.setHostConfiguration(host); > > Before we create PostMethod() > > Here is the thrown exception > > javax.net.ssl.SSLHandshakeException: Could not find the trusted > certificate > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275) > > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) > at > org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(H > ttpConnection.java:1351) > at java.io.BufferedOutputStream.flushBuffer(Unknown Source) > at java.io.BufferedOutputStream.flush(Unknown Source) > at > org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Ht > tpConnection.java:779) > at > org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase > .java:2257) > at > org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBa > se.java:2629) > at > org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java > :1085) > at > org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:6 > 74) > at > org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:5 > 29) > > Can anyone help with this? Would using EasySSLProtocolSocketFactory > class fix this error? > > Thanks, > Aaron > > > -----Original Message----- > From: Marcus Crafter [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 12, 2003 8:43 AM > To: Commons HttpClient Project > Subject: Re: SSL-Connection to unstrusted host > > > H Sven, Roland, > > There's an example socket factory available on the website: > > http://jakarta.apache.org/commons/httpclient/sslguide.html > > Have a look for the EasySSLProtocolSocketFactory class. > > Hope that helps. > > Cheers, > > Marcus > > On Wed, 2003-11-12 at 15:34, Roland Weber wrote: > > Hello Sven, > > > > you will have to register your own secure socket factory. > > In that factory, you can establish SSL connections without verifying > > certificates. Alas, I don't remember whether such code is included in > > the examples or has been posted to the mailing list. But the topic > > itself pops up every few months, so you're likely to find sample code > > somewhere. > > > > See interface SecureProtocolSocketFactory and class > > Protocol (method registerProtocol) to get started. > > > > regards, > > Roland > > > > > > > > > > > > > > Sven Köhler <[EMAIL PROTECTED]> > > 12.11.2003 15:10 > > Please respond to "Commons HttpClient Project" > > > > To: Commons HttpClient Project > > <[EMAIL PROTECTED]> > > cc: > > Subject: SSL-Connection to unstrusted host > > > > > > Well, the subject says it all: > > > > I'd like to connect to a host with an untrusted SSL-certfictate. When > > trying to connect, i always get the following exception: > > > > javax.net.ssl.SSLHandshakeException: > > sun.security.validator.ValidatorException: > > No trusted certificate found > > at > > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) > > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > at > com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > > at > com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > > at > com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) > > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) > > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > > at > > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) > > at > > > org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(H > ttpConnection.java:1351) > > at > > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66) > > at > > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124) > > at > > > org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Ht > tpConnection.java:779) > > at > > > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpCon > nectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManag > er.java:1145) > > at > > > org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase > .java:2257) > > at > > > org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBa > se.java:2629) > > at > > > org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java > :1085) > > at > > > org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:6 > 74) > > ... > > > > Is there any option to turn the check off? > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]