Michael, This means one and only thing: misconfiguration of the SSL context, which is strictly speaking not a problem with HttpClient. For details see the SSL guide [1]. You might want to take a closer look at the AuthSSLProtocolSocketFactory in particular.
Hope this helps, Oleg [1] http://jakarta.apache.org/commons/httpclient/sslguide.html On Thu, Aug 18, 2005 at 12:37:05PM +0200, michael haeusler wrote: > Hello, > > I noticed that after upgrading from http-client 2.0 to http-client 3.0-rc3 > our application does not work correctly any more. > > the http server that the application connects to requires SSL with > client-certificates. > without a http-proxy server there is no problem. > when using a http-proxy server, the result depends on the proxy server, > it either never responds, or a "peer not authenticated" exception is > thrown at the application. > here is log debug log: > > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.useragent = Jakarta Commons-HttpClient/3.0-rc3 > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.protocol.version = HTTP/1.1 > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.connection-manager.class = class > org.apache.commons.httpclient.SimpleHttpConnectionManager > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.protocol.cookie-policy = rfc2109 > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.protocol.element-charset = US-ASCII > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.protocol.content-charset = ISO-8859-1 > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.method.retry-handler = > [EMAIL PROTECTED] > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, > EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy > HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE > dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy > HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, > EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy > HH:mm:ss z] > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.connection-manager.max-per-host = {HostConfiguration[]=20} > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.connection-manager.max-total = 500 > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.connection.timeout = 60000 > org.apache.commons.httpclient.HttpClient - 10000 - Java version: 1.4.2_08 > org.apache.commons.httpclient.HttpClient - 10000 - Java vendor: Sun > Microsystems Inc. > org.apache.commons.httpclient.HttpClient - 10000 - Java class path: > jre\lib\tools.jar;tomcat-5.0.28\bin\bootstrap.jar > org.apache.commons.httpclient.HttpClient - 10000 - Operating system > name: Windows XP > org.apache.commons.httpclient.HttpClient - 10000 - Operating system > architecture: x86 > org.apache.commons.httpclient.HttpClient - 10000 - Operating system > version: 5.1 > org.apache.commons.httpclient.HttpClient - 10000 - SUN 1.42: SUN (DSA > key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; > X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX > CertPathBuilder; LDAP, Collection CertStores) > org.apache.commons.httpclient.HttpClient - 10000 - SunJSSE 1.42: Sun > JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust > factories, SSLv3, TLSv1) > org.apache.commons.httpclient.HttpClient - 10000 - SunRsaSign 1.42: > SUN's provider for RSA signatures > org.apache.commons.httpclient.HttpClient - 10000 - SunJCE 1.42: SunJCE > Provider (implements DES, Triple DES, AES, Blowfish, PBE, > Diffie-Hellman, HMAC-MD5, HMAC-SHA1) > org.apache.commons.httpclient.HttpClient - 10000 - SunJGSS 1.0: Sun > (Kerberos v5) > org.apache.commons.httpclient.HttpClient - 10000 - BC 1.29: BouncyCastle > Security Provider v1.29 > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.socket.timeout = 0 > org.apache.commons.httpclient.HttpMethodBase - 10000 - > HttpMethodBase.addRequestHeader(Header) > org.apache.commons.httpclient.HttpMethodBase - 10000 - > HttpMethodBase.addRequestHeader(Header) > org.apache.commons.httpclient.HttpMethodBase - 10000 - > HttpMethodBase.addRequestHeader(Header) > org.apache.commons.httpclient.HttpMethodBase - 10000 - > HttpMethodBase.addRequestHeader(Header) > org.apache.commons.httpclient.methods.PostMethod - 10000 - enter > PostMethod.clearRequestBody() > org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - > enter EntityEnclosingMethod.clearRequestBody() > org.apache.commons.httpclient.HttpClient - 10000 - enter > HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState) > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 > - enter > HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long) > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 > - HttpConnectionManager.getConnection: config = > HostConfiguration[host=https://localhost, > proxyHost=http://192.168.200.224:8888], timeout = 0 > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 > - enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration) > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 > - enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration) > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 > - Allocating new connection, > hostConfig=HostConfiguration[host=https://localhost, > proxyHost=http://192.168.200.224:8888] > org.apache.commons.httpclient.HttpConnection - 10000 - enter > HttpConnection.open() > org.apache.commons.httpclient.HttpConnection - 10000 - Open connection > to 192.168.200.224:8888 > org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set > parameter http.socket.timeout = 0 > org.apache.commons.httpclient.HttpMethodBase - 10000 - > HttpMethodBase.addRequestHeader(Header) > org.apache.commons.httpclient.HttpMethodBase - 10000 - > HttpMethodBase.addRequestHeader(Header) > org.apache.commons.httpclient.HttpMethodBase - 10000 - > HttpMethodBase.addRequestHeader(Header) > org.apache.commons.httpclient.HttpMethodBase - 10000 - > HttpMethodBase.addRequestHeader(Header) > org.apache.commons.httpclient.methods.PostMethod - 10000 - enter > PostMethod.clearRequestBody() > org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 - > enter EntityEnclosingMethod.clearRequestBody() > org.apache.commons.httpclient.HttpClient - 10000 - enter > HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState) > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 > - enter > HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long) > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 > - HttpConnectionManager.getConnection: config = > HostConfiguration[host=https://localhost, > proxyHost=http://192.168.200.224:8888], timeout = 0 > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 > - enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration) > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 > - enter HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration) > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000 > - Allocating new connection, > hostConfig=HostConfiguration[host=https://localhost, > proxyHost=http://192.168.200.224:8888] > org.apache.commons.httpclient.HttpConnection - 10000 - enter > HttpConnection.open() > org.apache.commons.httpclient.HttpConnection - 10000 - Open connection > to 192.168.200.224:8888 > org.apache.commons.httpclient.HttpConnection - 10000 - enter > HttpConnection.closeSockedAndStreams() > org.apache.commons.httpclient.HttpMethodDirector - 10000 - Closing the > connection. > org.apache.commons.httpclient.HttpConnection - 10000 - enter > HttpConnection.close() > org.apache.commons.httpclient.HttpConnection - 10000 - enter > HttpConnection.closeSockedAndStreams() > org.apache.commons.httpclient.HttpMethodDirector - 20000 - I/O exception > caught when processing request: peer not authenticated > org.apache.commons.httpclient.HttpMethodDirector - 10000 - peer not > authenticated > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated > at > com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275) > at de.msg.transport.ssl.SSLProtocolSocketFactory.o00000(Unknown Source) > at > de.msg.transport.ssl.SSLProtocolSocketFactory.createSocket(Unknown Source) > at > org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:704) > at > org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1339) > at > org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382) > at > org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168) > at > org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396) > at de.msg.transport.HttpProvider.sendMessage(Unknown Source) > at de.msg.j.run(Unknown Source) > org.apache.commons.httpclient.HttpMethodDirector - 20000 - Retrying request > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
