RE: SSL-Connection to unstrusted host
On Wed, 2003-11-12 at 17:24, Aaron Williams wrote: I've also recently been getting this error and was hoping someone could shed some light on it. We're using the RC2 version of HttpClient and our JDK versions are all 1.4 or greater. The client we are connecting to seems to have a Verisign certificate. Initially our client worked, but we later began getting the SSLHandshakeException. This occurred with no changes on the client side. Aaron, it all sounds a bit fishy to me. To my best knowledge SSLHandshakeException (Could not find the trusted certificate) thrown only in case of the target server's certificate having been signed with a untrusted certificate. This is highly improbable that a certificate would once of a sudden become untrusted (As far as I know JSSE does not currently provide support for certificate revocation lists). So, the problem could possibly indicate one of those: - corruption of local certificate store (not impossible, but unlikely) - the server certificate signed with a trusted root certificate has been replaced with a self signed certificate. In the latter case the EasySSLProtocolSocketFactory should do the trick. However, I would encourage you not to copy in blindly, but rather take it as a starting point and customise its functionality to better match the requirements of your particular application. Hope this helps somewhat Oleg We do have the lines Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); host.setHost(hostname, port, https); client.setHostConfiguration(host); Before we create PostMethod() Here is the thrown exception javax.net.ssl.SSLHandshakeException: Could not find the trusted certificate at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) at org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(H ttpConnection.java:1351) at java.io.BufferedOutputStream.flushBuffer(Unknown Source) at java.io.BufferedOutputStream.flush(Unknown Source) at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Ht tpConnection.java:779) at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase .java:2257) at org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBa se.java:2629) at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java :1085) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:6 74) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:5 29) Can anyone help with this? Would using EasySSLProtocolSocketFactory class fix this error? Thanks, Aaron -Original Message- From: Marcus Crafter [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 8:43 AM To: Commons HttpClient Project Subject: Re: SSL-Connection to unstrusted host H Sven, Roland, There's an example socket factory available on the website: http://jakarta.apache.org/commons/httpclient/sslguide.html Have a look for the EasySSLProtocolSocketFactory class. Hope that helps. Cheers, Marcus On Wed, 2003-11-12 at 15:34, Roland Weber wrote: Hello Sven, you will have to register your own secure socket factory. In that factory, you can establish SSL connections without verifying certificates. Alas, I don't remember whether such code is included in the examples or has been posted to the mailing list. But the topic itself pops up every few months, so you're likely to find sample code somewhere. See interface SecureProtocolSocketFactory and class Protocol (method registerProtocol) to get started. regards, Roland Sven Köhler [EMAIL PROTECTED] 12.11.2003 15:10 Please respond to Commons HttpClient Project To: Commons HttpClient Project [EMAIL PROTECTED] cc: Subject:SSL-Connection to unstrusted host Well, the subject says it all: I'd like to connect to a host with an untrusted SSL-certfictate. When trying to connect, i always get the following exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a
SSL-Connection to unstrusted host
Well, the subject says it all: I'd like to connect to a host with an untrusted SSL-certfictate. When trying to connect, i always get the following exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) at org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1351) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124) at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:779) at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1145) at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2257) at org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2629) at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1085) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:674) ... Is there any option to turn the check off? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL-Connection to unstrusted host
Hello Sven, you will have to register your own secure socket factory. In that factory, you can establish SSL connections without verifying certificates. Alas, I don't remember whether such code is included in the examples or has been posted to the mailing list. But the topic itself pops up every few months, so you're likely to find sample code somewhere. See interface SecureProtocolSocketFactory and class Protocol (method registerProtocol) to get started. regards, Roland Sven Köhler [EMAIL PROTECTED] 12.11.2003 15:10 Please respond to Commons HttpClient Project To: Commons HttpClient Project [EMAIL PROTECTED] cc: Subject:SSL-Connection to unstrusted host Well, the subject says it all: I'd like to connect to a host with an untrusted SSL-certfictate. When trying to connect, i always get the following exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) at org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1351) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124) at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:779) at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1145) at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2257) at org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2629) at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1085) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:674) ... Is there any option to turn the check off? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL-Connection to unstrusted host
I've also recently been getting this error and was hoping someone could shed some light on it. We're using the RC2 version of HttpClient and our JDK versions are all 1.4 or greater. The client we are connecting to seems to have a Verisign certificate. Initially our client worked, but we later began getting the SSLHandshakeException. This occurred with no changes on the client side. We do have the lines Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); host.setHost(hostname, port, https); client.setHostConfiguration(host); Before we create PostMethod() Here is the thrown exception javax.net.ssl.SSLHandshakeException: Could not find the trusted certificate at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) at org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(H ttpConnection.java:1351) at java.io.BufferedOutputStream.flushBuffer(Unknown Source) at java.io.BufferedOutputStream.flush(Unknown Source) at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Ht tpConnection.java:779) at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase .java:2257) at org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBa se.java:2629) at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java :1085) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:6 74) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:5 29) Can anyone help with this? Would using EasySSLProtocolSocketFactory class fix this error? Thanks, Aaron -Original Message- From: Marcus Crafter [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 8:43 AM To: Commons HttpClient Project Subject: Re: SSL-Connection to unstrusted host H Sven, Roland, There's an example socket factory available on the website: http://jakarta.apache.org/commons/httpclient/sslguide.html Have a look for the EasySSLProtocolSocketFactory class. Hope that helps. Cheers, Marcus On Wed, 2003-11-12 at 15:34, Roland Weber wrote: Hello Sven, you will have to register your own secure socket factory. In that factory, you can establish SSL connections without verifying certificates. Alas, I don't remember whether such code is included in the examples or has been posted to the mailing list. But the topic itself pops up every few months, so you're likely to find sample code somewhere. See interface SecureProtocolSocketFactory and class Protocol (method registerProtocol) to get started. regards, Roland Sven Köhler [EMAIL PROTECTED] 12.11.2003 15:10 Please respond to Commons HttpClient Project To: Commons HttpClient Project [EMAIL PROTECTED] cc: Subject:SSL-Connection to unstrusted host Well, the subject says it all: I'd like to connect to a host with an untrusted SSL-certfictate. When trying to connect, i always get the following exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275) at org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(H ttpConnection.java:1351) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124) at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(Ht tpConnection.java:779) at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpCon nectionAdapter.flushRequestOutputStream