SSLPeerUnverifiedException HTTPS/Apache HTTPClient 4.0/Java 1.6.0
843811Apr 14 2008 — edited Jun 3 2009Hi folks,
I've been working on a small project requiring the use of self-signed HTTPS servers. I need to perform several HTTP operations (two POST actions), so I'm using HttpClient 4.0 from Apache. When I connect, however, I get a nice SSLPeerUnverifiedException: peer not authenticated[1]. I've looked around on Google and on these forums, and it seems that this is largely a problem encountered in previous JREs, older versions of Tomcat, older versions of JBoss, etc. However, I'm not using Tomcat or JBoss, and I'm also using a recent JRE.
I'd also like to avoid using keytool to generate a keystore for the server (?). I noticed that that's a solution that's used a lot. I also do not have access to the server's private key, as this will be deployed in environments beyond my own.
This is how my code currently looks:
SSLSocketFactory factory = SSLSocketFactory.getSocketFactory();
factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
DefaultHttpClient httpclient = new DefaultHttpClient();
Scheme sch = new Scheme("https", factory, 443);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);
The exception occurs later, here:
HttpResponse response = httpclient.execute(httpPost);
Does anyone have a solution for SSLPeerUnverifiedException?
The version of Java that I'm using is 1.6.0_03-b05.
The client library is Apache HttpClient 4.0 alpha 3.
Many thanks in advance,
-J
[1] Stack trace:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:297)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:134)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
at org.apache.http.impl.client.DefaultClientRequestDirector.execute(DefaultClientRequestDirector.java:302)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:500)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:455)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:421)
at ccaabp.Main.run(Main.java:102)
at ccaabp.Main.main(Main.java:297)