Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-783

PostMethod constructor argument "uri" fails when uri is absolute, and a custom protocol is set via getHostConfiguration().setHost()

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Invalid
    • 3.1 (end of life)
    • None
    • HttpClient (classic)
    • None
    • Windows XP, Java 1.6

    Description

      1. Follow SSL configuration as prescribed in the HTTPClient SSL documentation at http://hc.apache.org/httpclient-3.x/sslguide.html.

      2. Use a PostMethod instead of Get.

      3. Change the URL to absolute. The JavaDocs say the URI can be absolute or relative. Construction with an absolute URI works when there is no custom protocol/socket factory.

      See that only when there is an absolute path, the default cacerts is used instead of the specified trust store. This is because the HTTPClient framework will completely bypass the custom protocol factory impl when there is an absolute URL. If the server's certificate is not in the cacerts file, an exception is thrown: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

      Whether this is a bug is sort of a grey area, but it is a source of confusion. Would be a good idea to at least note this in the documentation.

      Stack trace:

      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
      at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
      at sun.security.validator.Validator.validate(Unknown Source)
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
      ... 18 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
      at java.security.cert.CertPathBuilder.build(Unknown Source)
      ... 24 more

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            robertjchristian Robert Christian
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 24h
                24h
                Remaining:
                Remaining Estimate - 24h
                24h
                Logged:
                Time Spent - Not Specified
                Not Specified

                Slack

                  Issue deployment