Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1091

Regression: 2 way authentication with SSL doesn't work in versions 4.1.x, used to work with 4.0.x

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Won't Fix
    • 4.1.1
    • None
    • HttpClient (classic)
    • None

    Description

      Tried to create an SSL tunnel with two way authentication, was able to do that with versions 4.0.1 and 4.0.3, but in versions 4.1 and 4.1.1 I get the exception:
      Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
      at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
      at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
      at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
      at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
      at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
      at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
      at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:561)
      at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
      at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
      at ClientConnectionTest.main(ClientConnectionTest.java:38)

      the creation of the SSL certificates was done using open ssl and java keytool (script will be attached in openSSLCertsCreation.bat).
      as a client I've used a simple java client (will attach ClientConnectionTest.java)
      as a server Tomcat was used, and configured to allow ssl communication with 2 way authentication (clientAuth="true").

      Attachments

        1. serverKeyStore.jks
          2 kB
          Yuri Manusov
        2. server.xml
          7 kB
          Yuri Manusov
        3. openSSLCertsCreation.bat
          1 kB
          Yuri Manusov
        4. clientTrustStore.jks
          2 kB
          Yuri Manusov
        5. clientKeyStore.p12
          2 kB
          Yuri Manusov
        6. ClientConnectionTest.java
          1 kB
          Yuri Manusov

        Issue Links

          Activity

            People

              Unassigned Unassigned
              yurama Yuri Manusov
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: