List:       httpclient-commons-dev
Subject:    [jira] [Created] (HTTPCLIENT-1798) SSL Problem
From:       "SuNova (JIRA)" <jira () apache ! org>
Date:       2016-12-31 13:09:58
Message-ID: JIRA.13031380.1483189777000.621063.1483189798581 () Atlassian ! JIRA

SuNova created HTTPCLIENT-1798:
----------------------------------

             Summary: SSL Problem
                 Key: HTTPCLIENT-1798
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1798
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient (async)
    Affects Versions: 4.5.2
         Environment: JDK 1.7 @ Windows 10 x64
            Reporter: SuNova
            Priority: Blocker


I have an app which generates certificates dynamically and uses them in a hand-made
server. This server has two audiences, Telegram Bot API and my own system (periodic
checks to see if server is still working as expected). I do everything fine and
Telegram Bot API can connect to my server normally, and no exceptions are thrown.
Here is the way I configure my server:
{code:title=WebHook.java|borderStyle=solid}
SSLContext context = SSLContext.getInstance("TLSv1.2");
// Certificate and private key generated at runtime by the application
X509Certificate cert = launcher.cert;
PrivateKey privateKey = launcher.privateKey;
// In-memory key store holding the generated certificate and its key
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null);
ks.setCertificateEntry("cert-alias", cert);
ks.setKeyEntry("key-alias", privateKey, "missile@supervisor".toCharArray(), new Certificate[]{cert});
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "missile@supervisor".toCharArray());
KeyManager[] km = kmf.getKeyManagers();
// Key managers only: default trust managers and default SecureRandom
context.init(km, null, null);
serverSocket = context.getServerSocketFactory().createServerSocket(serverPort);
{code}
and so on.
and so on.

Telegram Bot API can connect to my server normally, but when I try to connect via my
own Apache Http Client, I see some "Server Side" errors:
{code:title=Exception|borderStyle=solid}
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
    at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)
    at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)
    at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:263)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:303)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:507)
    at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:122)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:164)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:339)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:317)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:278)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106)
    at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:590)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:281)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:351)
    ... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
    ... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 23 more
{code}
I don't know why I receive this error, because it works normally when Telegram Bot API
connects to it. Using PostMan and even a browser I can also connect normally, but when
trying to connect via Apache Http Client this error comes up. Can you guide me
please?




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
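
Added example, not part of the original report or of HttpComponents: the trace above fails in `X509TrustManagerImpl.checkServerTrusted` on the client side, so this sketch runs that same check against the JRE default trust store and against a trust store holding only the generated certificate, then builds a client `SSLContext` from the latter. It assumes the server certificate has been exported to a file passed as the first argument; the class name, the alias `webhook-server` and the `ECDHE_RSA` auth type are illustrative.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PinnedTrustCheck {  // hypothetical class name

    // anchors == null selects the JRE default trust store (cacerts).
    static TrustManagerFactory trustManagers(KeyStore anchors) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        return tmf;
    }

    // Runs the validation the TLS client performs on the server certificate.
    static boolean accepts(TrustManagerFactory tmf, X509Certificate cert) {
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                try {
                    // "ECDHE_RSA" is an assumed key-exchange name for the check.
                    ((X509TrustManager) tm).checkServerTrusted(
                            new X509Certificate[]{cert}, "ECDHE_RSA");
                    return true;
                } catch (CertificateException e) {
                    return false;  // e.g. "PKIX path building failed"
                }
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {  // exported server cert
            cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore pinned = KeyStore.getInstance(KeyStore.getDefaultType());
        pinned.load(null, null);                                // empty in-memory store
        pinned.setCertificateEntry("webhook-server", cert);    // the only trust anchor

        System.out.println("default store accepts: " + accepts(trustManagers(null), cert));
        System.out.println("pinned store accepts:  " + accepts(trustManagers(pinned), cert));

        SSLContext clientContext = SSLContext.getInstance("TLSv1.2");
        clientContext.init(null, trustManagers(pinned).getTrustManagers(), null);
    }
}
```

A context built this way can be passed to the client through `HttpAsyncClientBuilder.setSSLContext`; it trusts only the one certificate and leaves hostname verification in place, unlike a trust-all strategy.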
