sudhish created HTTPASYNC-111:
---------------------------------
Summary: SSL issue using SSLIOSessionStrategy and
PoolingNHttpClientConnectionManager
Key: HTTPASYNC-111
URL: https://issues.apache.org/jira/browse/HTTPASYNC-111
Project: HttpComponents HttpAsyncClient
Issue Type: Bug
Affects Versions: 4.1.1
Reporter: sudhish
I am new to this so please pardon (and also educate me) if I am doing this
wrong on this board.
I am running on WebSphere application server (v 8.5.1) and Java 1.6
I found an issue using the async client.. My code looks like this.
Registry<SchemeIOSessionStrategy> sessionStrategyRegistry =
RegistryBuilder.<SchemeIOSessionStrategy>create()
.register("http", NoopIOSessionStrategy.INSTANCE)
.register("https",
SSLIOSessionStrategy.getSystemDefaultStrategy())
.build();
IOReactorConfig ioReactorConfig =
IOReactorConfig.custom()
.setIoThreadCount(Runtime.getRuntime().availableProcessors())
.setConnectTimeout(30000)
.setSoTimeout(30000)
.build();
ConnectingIOReactor ioReactor = new
DefaultConnectingIOReactor(ioReactorConfig);
PoolingNHttpClientConnectionManager connManager = new
PoolingNHttpClientConnectionManager(
ioReactor, sessionStrategyRegistry);
connManager.setDefaultMaxPerRoute(2);
connManager.setMaxTotal(20);
closeableHttpAsyncClient = HttpAsyncClientBuilder.create()
.setDefaultRequestConfig(RequestConfig.custom()
.setConnectionRequestTimeout(30000)
.setConnectTimeout(30000)
.setSocketTimeout(60000)
.setCookieSpec(CookieSpecs.IGNORE_COOKIES)
.build())
.setConnectionManager(connManager)
.build();
When I execute
Future<HttpResponse> future = closeableHttpAsyncClient.execute(request1, null);
It fails with a
aused by:
java.security.cert.CertPathValidatorException: The certificate issued by
CN=Principal Root CA G2 is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining
error
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
at
com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176)
at
com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:737)
at
com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:649)
at
com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:595)
at
com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:356)
... 25 more
Caused by:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:316)
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
... 30 more
My certs are ok.
Without using Asycn client. When I run using non-async client. It works
(working code below). Since I am in WebSphere and it makes it own
configurations for SSL. I was forced to use
SSLConnectionSocketFactory.getSystemSocketFactory() <-- Without this, I get the
same error as above.
CloseableHttpClient client = HttpClients.custom()
.setSSLSocketFactory(SSLConnectionSocketFactory.getSystemSocketFactory()) //
this line is key!
.build();
final HttpGet request1 = new HttpGet(Url);
CloseableHttpResponse resp = client.execute(request1);
I went through all your examples and under the assumption that
SSLCOntext.createSystemDefault() should exhibit the same behaviour as
SSLConnectionSocketFactory.getSystemSocketFactory() ?..
It appears its not? Am I missing something?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
