SSL via Proxy Problems

[michael haeusler]

Hello,

I noticed that after upgrading from http-client 2.0 to http-client 3.0-rc3
our application does not work correctly any more.
the http server that the application connects to requires SSL with 
client-certificates.
without a http-proxy server there is no problem.
when using a http-proxy server, the result depends on the proxy server, 
it either never responds, or a "peer not authenticated" exception is 
thrown at the application.
here is log debug log:

org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.useragent = Jakarta Commons-HttpClient/3.0-rc3
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.protocol.version = HTTP/1.1
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.connection-manager.class = class 
org.apache.commons.httpclient.SimpleHttpConnectionManager
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.protocol.cookie-policy = rfc2109
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.protocol.element-charset = US-ASCII
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.protocol.content-charset = ISO-8859-1
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.method.retry-handler = 
[EMAIL PROTECTED]
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, 
EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy 
HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE 
dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy 
HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, 
EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy 
HH:mm:ss z]
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.connection-manager.max-per-host = {HostConfiguration[]=20}
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.connection-manager.max-total = 500
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.connection.timeout = 60000
org.apache.commons.httpclient.HttpClient - 10000 - Java version: 1.4.2_08
org.apache.commons.httpclient.HttpClient - 10000 - Java vendor: Sun 
Microsystems Inc.
org.apache.commons.httpclient.HttpClient - 10000 - Java class path: 
jre\lib\tools.jar;tomcat-5.0.28\bin\bootstrap.jar
org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
name: Windows XP
org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
architecture: x86
org.apache.commons.httpclient.HttpClient - 10000 - Operating system 
version: 5.1
org.apache.commons.httpclient.HttpClient - 10000 - SUN 1.42: SUN (DSA 
key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; 
X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX 
CertPathBuilder; LDAP, Collection CertStores)
org.apache.commons.httpclient.HttpClient - 10000 - SunJSSE 1.42: Sun 
JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust 
factories, SSLv3, TLSv1)
org.apache.commons.httpclient.HttpClient - 10000 - SunRsaSign 1.42: 
SUN's provider for RSA signatures
org.apache.commons.httpclient.HttpClient - 10000 - SunJCE 1.42: SunJCE 
Provider (implements DES, Triple DES, AES, Blowfish, PBE, 
Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
org.apache.commons.httpclient.HttpClient - 10000 - SunJGSS 1.0: Sun 
(Kerberos v5)
org.apache.commons.httpclient.HttpClient - 10000 - BC 1.29: BouncyCastle 
Security Provider v1.29
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.socket.timeout = 0
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
PostMethod.clearRequestBody()
org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
enter EntityEnclosingMethod.clearRequestBody()
org.apache.commons.httpclient.HttpClient - 10000 - enter 
HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- enter 
HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- HttpConnectionManager.getConnection:  config = 
HostConfiguration[host=https://localhost, 
proxyHost=http://192.168.200.224:8888], timeout = 0
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- Allocating new connection, 
hostConfig=HostConfiguration[host=https://localhost, 
proxyHost=http://192.168.200.224:8888]
org.apache.commons.httpclient.HttpConnection - 10000 - enter 
HttpConnection.open()
org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
to 192.168.200.224:8888
org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set 
parameter http.socket.timeout = 0
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.HttpMethodBase - 10000 - 
HttpMethodBase.addRequestHeader(Header)
org.apache.commons.httpclient.methods.PostMethod - 10000 - enter 
PostMethod.clearRequestBody()
org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - 
enter EntityEnclosingMethod.clearRequestBody()
org.apache.commons.httpclient.HttpClient - 10000 - enter 
HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- enter 
HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- HttpConnectionManager.getConnection:  config = 
HostConfiguration[host=https://localhost, 
proxyHost=http://192.168.200.224:8888], timeout = 0
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 
- Allocating new connection, 
hostConfig=HostConfiguration[host=https://localhost, 
proxyHost=http://192.168.200.224:8888]
org.apache.commons.httpclient.HttpConnection - 10000 - enter 
HttpConnection.open()
org.apache.commons.httpclient.HttpConnection - 10000 - Open connection 
to 192.168.200.224:8888
org.apache.commons.httpclient.HttpConnection - 10000 - enter 
HttpConnection.closeSockedAndStreams()
org.apache.commons.httpclient.HttpMethodDirector - 10000 - Closing the 
connection.
org.apache.commons.httpclient.HttpConnection - 10000 - enter 
HttpConnection.close()
org.apache.commons.httpclient.HttpConnection - 10000 - enter 
HttpConnection.closeSockedAndStreams()
org.apache.commons.httpclient.HttpMethodDirector - 20000 - I/O exception 
caught when processing request: peer not authenticated
org.apache.commons.httpclient.HttpMethodDirector - 10000 - peer not 
authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
   at 
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
   at de.msg.transport.ssl.SSLProtocolSocketFactory.o00000(Unknown Source)
   at 
de.msg.transport.ssl.SSLProtocolSocketFactory.createSocket(Unknown Source)
   at 
org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:704)
   at 
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1339)
   at 
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
   at 
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
   at 
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
   at de.msg.transport.HttpProvider.sendMessage(Unknown Source)
   at de.msg.j.run(Unknown Source)
org.apache.commons.httpclient.HttpMethodDirector - 20000 - Retrying request





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]