On Mon, 2011-08-22 at 14:24 -0700, Patrick Lightbody wrote: > I have the code below, which results in this exception: > > Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not > authenticated > at > com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352) > at > org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) > at > org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339) > at > org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123) > at > org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147) > at > org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:101) > at > org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:381) > at > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641) > at > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576) > at > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554) > > What's weird is that this code works for almost all URLs (try > https://fidelity.com, for example) but a few do not work. We've narrowed it > down to this simple change in Apache: > > # Works > SSLProtocol -ALL +SSLv3 +TLSv1 > > # Doesn't work > SSLProtocol -ALL +SSLv3 > > Any idea how I could support these kinds of SSL setups while still supporting > all other major sites (fidelity.com, twitter.com, etc). My goal is pretty > much just to accept all SSL certs and my TrustingSSLSocketFactory gets me 99% > there, but I'd like to be 100% there. Any tips? > > Patrick >
Hi Patrick Run your application with the SSL debug mode on and see if there is anything in the log that may indicate an issue leading the Oracle's implementation of JSSE to consider the peer untrusted. http://download.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
