[ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13112666#comment-13112666
 ] 

David M. Karr commented on HTTPCLIENT-1091:
-------------------------------------------

We have some code that has been using HttpClient 3.0.1 for quite a while now.  
Last night we tried to deploy changes to upgrade this to HttpClient 4.1.2. It 
was going well until we deployed it to a server that was using dual SSL auth.  
I never had any code that specifically handled SSL, either in the code using 
3.0.1, or the new code using 4.1.2. When we deployed the new changes to that 
server, we started getting "javax.net.ssl.SSLPeerUnverifiedException: peer not 
authenticated" errors. Just now we finished the process of reverting those 
changes back to use HttpClient 3.0.1, and now we're not getting this error 
anymore.

Could someone explain why this might be?  Do I need to have any specific code 
for dual SSL auth with HttpClient 4.1.2?

> Regression: 2 way authentication with SSL doesn't work in versions 4.1.x, 
> used to work with 4.0.x
> -------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1091
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1091
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.1
>            Reporter: Yuri Manusov
>         Attachments: ClientConnectionTest.java, clientKeyStore.p12, 
> clientTrustStore.jks, openSSLCertsCreation.bat, server.xml, serverKeyStore.jks
>
>
> Tried to create an SSL tunnel with two way authentication, was able to do 
> that with versions 4.0.1 and 4.0.3, but in versions 4.1 and 4.1.1 I get the 
> exception: 
> Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>         at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
>         at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
>         at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
>         at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
>         at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
>         at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
>         at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
>         at ClientConnectionTest.main(ClientConnectionTest.java:38)
> The creation of the SSL certificates was done using OpenSSL and Java keytool 
> (script will be attached in openSSLCertsCreation.bat).
> As a client I've used a simple Java client (will attach 
> ClientConnectionTest.java).
> As a server Tomcat was used, and configured to allow SSL communication with 2 
> way authentication (clientAuth="true").
