On Thu, Aug 18, 2005 at 02:18:27PM +0200, michael haeusler wrote:
> Oleg,
>
> how could this be a problem of the SSL context if all works fine in
> client 3-rc3 without proxy,
> and also works fine in client 2 with or without proxy.
>

Because this is what I see in the exception stack trace. Please review
the de.msg.transport.ssl.SSLProtocolSocketFactory class and make sure
that it correctly implements the SecureProtocolSocketFactory interface,
especially new methods introduced in 3.0

Oleg

> something must be different in client 3.
>
> Oleg Kalnichevski wrote:
>
> >Michael,
> >
> >This means one and only thing: misconfiguration of the SSL context,
> >which is strictly speaking not a problem with HttpClient. For details
> >see the SSL guide [1]. You might want to take a closer look at the
> >AuthSSLProtocolSocketFactory in particular.
> >
> >Hope this helps,
> >
> >Oleg
> >
> >[1] http://jakarta.apache.org/commons/httpclient/sslguide.html
> >
> >
> >On Thu, Aug 18, 2005 at 12:37:05PM +0200, michael haeusler wrote:
> >
> >
> >>Hello,
> >>
> >>I noticed that after upgrading from http-client 2.0 to http-client 3.0-rc3
> >>our application does not work correctly any more.
> >>
> >>the http server that the application connects to requires SSL with
> >>client-certificates.
> >>without a http-proxy server there is no problem.
> >>when using a http-proxy server, the result depends on the proxy server,
> >>it either never responds, or a "peer not authenticated" exception is
> >>thrown at the application.
> >>here is log debug log:
> >>
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.useragent = Jakarta Commons-HttpClient/3.0-rc3
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.protocol.version = HTTP/1.1
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.connection-manager.class = class
> >>org.apache.commons.httpclient.SimpleHttpConnectionManager
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.protocol.cookie-policy = rfc2109
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.protocol.element-charset = US-ASCII
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.protocol.content-charset = ISO-8859-1
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.method.retry-handler =
> >>[EMAIL PROTECTED]
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz,
> >>EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy
> >>HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE
> >>dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy
> >>HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z,
> >>EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy
> >>HH:mm:ss z]
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.connection-manager.max-per-host = {HostConfiguration[]=20}
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.connection-manager.max-total = 500
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.connection.timeout = 60000
> >>org.apache.commons.httpclient.HttpClient - 10000 - Java version: 1.4.2_08
> >>org.apache.commons.httpclient.HttpClient - 10000 - Java vendor: Sun
> >>Microsystems Inc.
> >>org.apache.commons.httpclient.HttpClient - 10000 - Java class path:
> >>jre\lib\tools.jar;tomcat-5.0.28\bin\bootstrap.jar
> >>org.apache.commons.httpclient.HttpClient - 10000 - Operating system
> >>name: Windows XP
> >>org.apache.commons.httpclient.HttpClient - 10000 - Operating system
> >>architecture: x86
> >>org.apache.commons.httpclient.HttpClient - 10000 - Operating system
> >>version: 5.1
> >>org.apache.commons.httpclient.HttpClient - 10000 - SUN 1.42: SUN (DSA
> >>key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
> >>X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
> >>CertPathBuilder; LDAP, Collection CertStores)
> >>org.apache.commons.httpclient.HttpClient - 10000 - SunJSSE 1.42: Sun
> >>JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust
> >>factories, SSLv3, TLSv1)
> >>org.apache.commons.httpclient.HttpClient - 10000 - SunRsaSign 1.42:
> >>SUN's provider for RSA signatures
> >>org.apache.commons.httpclient.HttpClient - 10000 - SunJCE 1.42: SunJCE
> >>Provider (implements DES, Triple DES, AES, Blowfish, PBE,
> >>Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
> >>org.apache.commons.httpclient.HttpClient - 10000 - SunJGSS 1.0: Sun
> >>(Kerberos v5)
> >>org.apache.commons.httpclient.HttpClient - 10000 - BC 1.29: BouncyCastle
> >>Security Provider v1.29
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.socket.timeout = 0
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 -
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 -
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 -
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 -
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.methods.PostMethod - 10000 - enter
> >>PostMethod.clearRequestBody()
> >>org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 -
> >>enter EntityEnclosingMethod.clearRequestBody()
> >>org.apache.commons.httpclient.HttpClient - 10000 - enter
> >>HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000
> >>- enter
> >>HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000
> >>- HttpConnectionManager.getConnection: config =
> >>HostConfiguration[host=https://localhost,
> >>proxyHost=http://192.168.200.224:8888], timeout = 0
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000
> >>- enter
> >>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000
> >>- enter
> >>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000
> >>- Allocating new connection,
> >>hostConfig=HostConfiguration[host=https://localhost,
> >>proxyHost=http://192.168.200.224:8888]
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter
> >>HttpConnection.open()
> >>org.apache.commons.httpclient.HttpConnection - 10000 - Open connection
> >>to 192.168.200.224:8888
> >>org.apache.commons.httpclient.params.DefaultHttpParams - 10000 - Set
> >>parameter http.socket.timeout = 0
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 -
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 -
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 -
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.HttpMethodBase - 10000 -
> >>HttpMethodBase.addRequestHeader(Header)
> >>org.apache.commons.httpclient.methods.PostMethod - 10000 - enter
> >>PostMethod.clearRequestBody()
> >>org.apache.commons.httpclient.methods.EntityEnclosingMethod - 10000 -
> >>enter EntityEnclosingMethod.clearRequestBody()
> >>org.apache.commons.httpclient.HttpClient - 10000 - enter
> >>HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000
> >>- enter
> >>HttpConnectionManager.getConnectionWithTimeout(HostConfiguration, long)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000
> >>- HttpConnectionManager.getConnection: config =
> >>HostConfiguration[host=https://localhost,
> >>proxyHost=http://192.168.200.224:8888], timeout = 0
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000
> >>- enter
> >>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000
> >>- enter
> >>HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager - 10000
> >>- Allocating new connection,
> >>hostConfig=HostConfiguration[host=https://localhost,
> >>proxyHost=http://192.168.200.224:8888]
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter
> >>HttpConnection.open()
> >>org.apache.commons.httpclient.HttpConnection - 10000 - Open connection
> >>to 192.168.200.224:8888
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter
> >>HttpConnection.closeSockedAndStreams()
> >>org.apache.commons.httpclient.HttpMethodDirector - 10000 - Closing the
> >>connection.
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter
> >>HttpConnection.close()
> >>org.apache.commons.httpclient.HttpConnection - 10000 - enter
> >>HttpConnection.closeSockedAndStreams()
> >>org.apache.commons.httpclient.HttpMethodDirector - 20000 - I/O exception
> >>caught when processing request: peer not authenticated
> >>org.apache.commons.httpclient.HttpMethodDirector - 10000 - peer not
> >>authenticated
> >>javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> >>    at
> >>com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
> >>    at de.msg.transport.ssl.SSLProtocolSocketFactory.o00000(Unknown Source)
> >>    at
> >>de.msg.transport.ssl.SSLProtocolSocketFactory.createSocket(Unknown Source)
> >>    at
> >>org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:704)
> >>    at
> >>org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1339)
> >>    at
> >>org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:382)
> >>    at
> >>org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:168)
> >>    at
> >>org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
> >>    at de.msg.transport.HttpProvider.sendMessage(Unknown Source)
> >>    at de.msg.j.run(Unknown Source)
> >>org.apache.commons.httpclient.HttpMethodDirector - 20000 - Retrying
> >>request
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >>
>
> --
> Mit freundlichen Grüßen / Best Regards,
> Michael Häusler
> __________________________________________________________________
> Ponton Consulting GmbH              voice: + 49.40.69213-340
> http://www.ponton-consulting.de/    fax:   + 49.40.69213-355
> Dorotheenstraße 60
> D-22301 Hamburg
> Ponton Consulting is a Member of C1 Group
> __________________________________________________________________
>
> HRB 81480, AG Hamburg, Managing Director: Dr. Michael Merz
> Ponton Consulting is a Member of C1 Group (www.c1-group.com)
> __________________________________________________________________
