HttpComponents HttpClient
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1320

SSLSocketFactory.createSystemSSLContext causes java.security.UnrecoverableKeyException: Password verification failed

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 4.2.2, 4.2.3, 4.2.4, 4.3 Alpha1, 4.3 Beta1, 4.3 Final
    • Fix Version/s: 4.2.4, 4.3 Beta1
    • Component/s: HttpClient
    • Labels:
      None
    • Environment:
      Java System Property javax.net.ssl.trustStore is set, but javax.net.ssl.trustStorePassword is not.

      Description

      When the Java System property "javax.net.ssl.trustStore" is specified, but "javax.net.ssl.trustStorePassword" is not, requests are encountering the exception listed below. This is reproducible in version 4.2.1 and looking at the relevant code, it should also be reproducible in all other versions as well.

      This appears to be fixed if the password value for loading the keystore falls back to null instead of the empty string. I'm not sure if this problem also exists with the "javax.net.ssl.keyStore" logic as well, but I suspect it does.

      The workaround is to set the "javax.net.ssl.trustStorePassword" appropriately, assuming that you know the correct value.

      Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
      at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
      at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
      at java.security.KeyStore.load(KeyStore.java:1185)
      at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
      at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
      ... 37 more
      Caused by: java.security.UnrecoverableKeyException: Password verification failed
      at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
      ... 41 more

      1. HTTPCLIENT-1320.patch
        0.8 kB
        Abe Backus
      2. HTTPCLIENT_1320.java
        1 kB
        Abe Backus

        Activity

        Abe Backus created issue -
        Abe Backus made changes -
        Field Original Value New Value
        Attachment HTTPCLIENT-1320.patch [ 12568659 ]
        Abe Backus made changes -
        Attachment HTTPCLIENT_1320.java [ 12568666 ]
        Oleg Kalnichevski made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Fix Version/s 4.2.4 [ 12323961 ]
        Fix Version/s 4.3 Alpha2 [ 12323951 ]
        Resolution Fixed [ 1 ]
        Abe Backus made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Abe Backus
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development