Re: [jetty-users] Jetty HttpClient 9 (9.0.0.M5) SSL TrustAll Issues

Thomas,

Thanks for the quick reply. Worked like a charm. 

Jay


On Thu, Feb 7, 2013 at 3:54 AM, Thomas Becker <tbecker@xxxxxxxxxxx> wrote:
Hi Jay,

thx for the compliments. We like our new HTTP client a lot as well. :)

However, you revealed a bug or at least some non-intuitive setup. When trustAll is set, hostname verification should be disabled, I agree, and I just fixed it.

Here's the bug:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=400184

You can either use the new code or as a workaround call:
SslContextFactory.setEndpointIdentificationAlgorithm(null);

in your setup to disable hostname verification. The fix will be in the next release.

Cheers,
Thomas

On 2/7/13 1:03 AM, Jay Wallingford wrote:
I'm using Jetty HttpClient 9 to do some simple web crawling and I can't
seem to make it work with HTTPS. The following simple code that makes a
synchronous GET request ...

SslContextFactory sslContextFactory = new SslContextFactory(true);
HttpClient client = new HttpClient(sslContextFactory);
client.start();
ContentResponse response = client.newRequest("https://www.twitter.com")
                 .method(HttpMethod.GET)
                 .send();

Where I use the TrustAll flag when creating the SslContextFactory causes
the following exception which appears to be related to SSL ...

java.util.concurrent.ExecutionException: org.eclipse.jetty.io.EofException
at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118)
at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:101)
at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:433)
at com.blogfrog.system.service.http.Jetty9HttpClientTester.main(Jetty9HttpClientTester.java:17)

Caused by: org.eclipse.jetty.io.EofException
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:597)
at org.eclipse.jetty.client.HttpReceiver.receive(HttpReceiver.java:74)
at org.eclipse.jetty.client.HttpConnection.receive(HttpConnection.java:308)
at org.eclipse.jetty.client.HttpExchange.receive(HttpExchange.java:104)
at org.eclipse.jetty.client.HttpConnection.onFillable(HttpConnection.java:296)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:240)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:278)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:78)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:198)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:240)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:278)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:78)
at org.eclipse.jetty.io.SelectChannelEndPoint.onSelected(SelectChannelEndPoint.java:109)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.processKey(SelectorManager.java:482)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.select(SelectorManager.java:439)
at org.eclipse.jetty.io.SelectorManager$ManagedSelector.run(SelectorManager.java:404)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:589)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:520)
at java.lang.Thread.run(Thread.java:722)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:790)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:490)
... 18 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1703)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:278)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:808)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:806)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1299)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:547)
... 18 more
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 199.59.148.10 found
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:154)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:91)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:889)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:828)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1328)
... 25 more

What am I doing wrong here? Is this the right way to have Jetty
HttpClient trust all SSL connections? If not, what's the proper approach?

Other than this one little glitch - HttpClient 9 is fantastic - easy,
fast, tighter code and more reliable than the asynchronous version of
Apache HttpClient.



_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users
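
Added example, not part of the thread and not Jetty project code: with trustAll set and endpoint identification disabled, the client checks neither the certificate chain nor the host name, so a narrower setup is to leave trustAll off, trust only the certificates in a dedicated truststore, and keep host name checking on. The sketch assumes the Jetty 9.x SslContextFactory setters; the truststore path, password and URL are placeholders, and rootCause is a hypothetical helper for surfacing the innermost exception, which in the trace above is the CertificateException.

```java
import java.util.concurrent.ExecutionException;

import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.api.ContentResponse;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class ScopedTrustClient {

    // Walk the cause chain to the innermost exception. In the trace above the
    // real reason (CertificateException) sits at the bottom, under EofException.
    static Throwable rootCause(Throwable t) {
        while (t.getCause() != null && t.getCause() != t) {
            t = t.getCause();
        }
        return t;
    }

    public static void main(String[] args) throws Exception {
        // Placeholders (assumptions): a JKS file holding only the CA or server
        // certificates this client should accept, and its password.
        String trustStorePath = "crawler-truststore.jks";
        String trustStorePassword = "changeit";
        String url = "https://example.com/";

        SslContextFactory ssl = new SslContextFactory(); // trustAll stays false
        ssl.setTrustStorePath(trustStorePath);
        ssl.setTrustStorePassword(trustStorePassword);
        // Set explicitly instead of relying on the version's default:
        // "HTTPS" makes the JDK match the certificate against the host name.
        ssl.setEndpointIdentificationAlgorithm("HTTPS");

        HttpClient client = new HttpClient(ssl);
        client.start();
        try {
            ContentResponse response = client.newRequest(url)
                    .method(HttpMethod.GET)
                    .send();
            System.out.println(url + " -> HTTP " + response.getStatus());
        } catch (ExecutionException e) {
            Throwable cause = rootCause(e);
            System.err.println("TLS/IO failure: " + cause.getClass().getName()
                    + ": " + cause.getMessage());
        } finally {
            client.stop();
        }
    }
}
```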

