Certificate issues when upgrading from 2.8 to 2.10

rouble Mon, 02 Dec 2013 11:29:43 -0800

Camel Gurus,

I am running Camel 2.8, and to proxy a https web service I use
the following simple route:
        from("servlet:///proxyWebService/api/?matchOnUriPrefix=true")
        .process(myProcessor)


.to("https4://realWebService:8443/api/?bridgeEndpoint=true&throwExceptionOnFailure=false");

This worked great in Camel 2.8. In camel 2.10, I am getting a "Certificate
not verified" error. I have not changed anything in my code. I register the
same trust manager as before. I noticed in the camel logs that in 2.10,
instead of using https4, it is using plain https. Also, instead of proxying
a GET, it is changing it to a POST. For instance here is the relevant line
with 2.8:
*[          http-bio-443-exec-16] HttpProducer                   DEBUG
Executing http GET method:
https4://example.com/foo?bridgeEndpoint=true&throwExceptionOnFailure=true
<http://example.com/foo?bridgeEndpoint=true&throwExceptionOnFailure=true>*
and with 2.10:
*[          http-bio-443-exec-20] HttpProducer                   DEBUG
Executing http POST method: https://example.com/foo
<https://example.com/foo>*

My client code is the same for both cases. But I notice in 2.10 it is not
using https4 and using https. This seems wrong.

Here are some more logs from the failing 2.10 scenario:
          http-bio-443-exec-20] HttpProducer                   DEBUG
Starting producer: Producer[https4://
example.com/foo?throwExceptionOnFailure=true&bridgeEndpoint=true]
[          http-bio-443-exec-20] ProducerCache                  DEBUG
Adding to producer cache with key: Endpoint[https4://
example.com/foo?throwExceptionOnFailure=true&bridgeEndpoint=true] fo
r producer: Producer[https4://
example.com/foo?throwExceptionOnFailure=true&bridgeEndpoint=true]
[          http-bio-443-exec-20] DefaultErrorHandler            DEBUG
Redelivery enabled: false on error handler:
DefaultErrorHandler[Producer[https4://
example.com/foo?throwExceptionOnFailure
=true&bridgeEndpoint=true]]
[          http-bio-443-exec-20] HttpProducer                   DEBUG  The
uri used by http request is https://example.com/foo
[          http-bio-443-exec-20] HttpProducer                   DEBUG No
Content-Type provided for URL: https://example.com/foo with exchange:
Exchange[Message: SNIPPED]
[          http-bio-443-exec-20] HttpProducer                   DEBUG
Executing http POST method: https://example.com/foo
[          http-bio-443-exec-20] ThreadSafeClientConnManager    DEBUG Get
connection: {s}->https://example.com, timeout = 0
[          http-bio-443-exec-20] ConnPoolByRoute                DEBUG [{s}->
https://example.com] total kept alive: 0, total issued: 0, total allocated:
0 out of 200
[          http-bio-443-exec-20] ConnPoolByRoute                DEBUG No
free connections [{s}->https://example.com][null]
[          http-bio-443-exec-20] ConnPoolByRoute                DEBUG
Available capacity: 20 out of 20 [{s}->https://example.com][null]
[          http-bio-443-exec-20] ConnPoolByRoute                DEBUG
Creating new connection [{s}->https://example.com]
[          http-bio-443-exec-20] efaultClientConnectionOperator DEBUG
Connecting to example.com
[          http-bio-443-exec-20] DefaultClientConnection        DEBUG
Connection org.apache.http.impl.conn.DefaultClientConnection@14b66e7 closed
[          http-bio-443-exec-20] DefaultClientConnection        DEBUG
Connection org.apache.http.impl.conn.DefaultClientConnection@14b66e7 shut
down
[          http-bio-443-exec-20] ThreadSafeClientConnManager    DEBUG
Released connection is not reusable.
[          http-bio-443-exec-20] ConnPoolByRoute                DEBUG
Releasing connection [{s}->https://example.com][null]
[          http-bio-443-exec-20] DefaultClientConnection        DEBUG
Connection org.apache.http.impl.conn.DefaultClientConnection@14b66e7 closed
[          http-bio-443-exec-20] ConnPoolByRoute                DEBUG
Notifying no-one, there are no waiting threads
[          http-bio-443-exec-20] DefaultErrorHandler            DEBUG
Failed delivery for (MessageId: ID-apigw-hcmf-ws1-45019-1385508799740-0-3
on ExchangeId: ID-apigw-hcmf-ws1-45019-1385508799740-0-4). On delivery
attempt: 0 caught: javax.net.ssl.SSLException: Certificate not verified.
[          http-bio-443-exec-20] TestExceptionHandler           INFO
 TestExceptionHandler.process()
[          http-bio-443-exec-20] TestExceptionHandler           INFO
 Error-Certificate not verified. Certificate not verified.
[          http-bio-443-exec-20] TestExceptionHandler           INFO
 StackTrace--
javax.net.ssl.SSLException: Certificate not verified.
        at com.rsa.sslj.x.aE.b(Unknown Source)
        at com.rsa.sslj.x.aE.a(Unknown Source)
        at com.rsa.sslj.x.aE.a(Unknown Source)
        at com.rsa.sslj.x.aP.c(Unknown Source)
        at com.rsa.sslj.x.aP.a(Unknown Source)
        at com.rsa.sslj.x.aP.h(Unknown Source)
        at com.rsa.sslj.x.cz.startHandshake(Unknown Source)
        at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:534)


tia,
rouble

Certificate issues when upgrading from 2.8 to 2.10

Reply via email to