Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
4.2.2, 4.2.3, 4.2.4, 4.3 Alpha1, 4.3 Beta1, 4.3 Final
-
None
-
Java System Property javax.net.ssl.trustStore is set, but javax.net.ssl.trustStorePassword is not.
Description
When the Java System property "javax.net.ssl.trustStore" is specified, but "javax.net.ssl.trustStorePassword" is not, requests are encountering the exception listed below. This is reproducible in version 4.2.1 and looking at the relevant code, it should also be reproducible in all other versions as well.
This appears to be fixed if the password value for loading the keystore falls back to null instead of the empty string. I'm not sure if this problem also exists with the "javax.net.ssl.keyStore" logic as well, but I suspect it does.
The workaround is to set the "javax.net.ssl.trustStorePassword" appropriately, assuming that you know the correct value.
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
... 37 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
... 41 more