Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

SSLPeerUnverifiedException HTTPS/Apache HTTPClient 4.0/Java 1.6.0

843811Apr 14 2008 — edited Jun 3 2009
Hi folks,

I've been working on a small project requiring the use of self-signed HTTPS servers. I need to perform several HTTP operations (two POST actions), so I'm using HttpClient 4.0 from Apache. When I connect, however, I get a nice SSLPeerUnverifiedException: peer not authenticated[1]. I've looked around on Google and on these forums, and it seems that this is largely a problem encountered in previous JREs, older versions of Tomcat, older versions of JBoss, etc. However, I'm not using Tomcat or JBoss, and I'm also using a recent JRE.

I'd also like to avoid using keytool to generate a keystore for the server (?). I noticed that that's a solution that's used a lot. I also do not have access to the server's private key, as this will be deployed in environments beyond my own.

This is how my code currently looks:


SSLSocketFactory factory = SSLSocketFactory.getSocketFactory();
factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
DefaultHttpClient httpclient = new DefaultHttpClient();
Scheme sch = new Scheme("https", factory, 443);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);


The exception occurs later, here:


HttpResponse response = httpclient.execute(httpPost);


Does anyone have a solution for SSLPeerUnverifiedException?

The version of Java that I'm using is 1.6.0_03-b05.
The client library is Apache HttpClient 4.0 alpha 3.

Many thanks in advance,

-J

[1] Stack trace:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:297)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:134)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
at org.apache.http.impl.client.DefaultClientRequestDirector.execute(DefaultClientRequestDirector.java:302)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:500)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:455)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:421)
at ccaabp.Main.run(Main.java:102)
at ccaabp.Main.main(Main.java:297)
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jul 1 2009
Added on Apr 14 2008
#java-secure-socket-extension-jsse
13 comments
5,531 views