CFHTTP can retrieve URL OK, fails as scheduled task

120 views
Skip to first unread message

Tom Chiverton

unread,
Jul 22, 2015, 9:16:49 AM7/22/15
to Lucee
I'm using the latest Lucee stable on Amazon Linux with the 1.8 JVM.

I can CFHTTP a URL for one of our projects fine (response code 200, fileContent as expected).

If I use that same URL in the admin as a scheduled task, I get an error logged as 'SSLPeerUnverifiedException: peer not authenticated'.
The site is over SSL, and we've not applied the manual steps from https://luceeserver.atlassian.net/browse/LDEV-292 as yet, because I'm not sure it should help, if CFHTTP is happy with it, surely ?

Why is the admin different ?

Here's the full error :

"ERROR","Thread-6313","07/22/2015","13:12:19","","schedule task:update_expire_state;peer not authenticated;javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
        at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
        at sun.reflect.GeneratedMethodAccessor355.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at lucee.commons.net.http.httpclient4.HTTPEngine4Impl.execute(HTTPEngine4Impl.java:416)
        at lucee.commons.net.http.httpclient4.HTTPEngine4Impl._invoke(HTTPEngine4Impl.java:252)
        at lucee.commons.net.http.httpclient4.HTTPEngine4Impl.get(HTTPEngine4Impl.java:112)
        at lucee.commons.net.http.HTTPEngine.get(HTTPEngine.java:86)
        at lucee.runtime.schedule.ExecutionThread.execute(ExecutionThread.java:108)
        at lucee.runtime.schedule.ExecutionThread.run(ExecutionThread.java:58)

Andrew Dixon

unread,
Jul 22, 2015, 9:28:32 AM7/22/15
to lu...@googlegroups.com
Which version of Lucee are you running Tom?

Kind regards,

Andrew

--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/c35df143-74cb-4ed7-80fc-cc06c15ea1d4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Tom Chiverton

unread,
Jul 22, 2015, 9:31:00 AM7/22/15
to lu...@googlegroups.com
The latest stable, 4.5.1.022.

I should also say that wget is happy retrieving the URL too, so it's not an SSL setup issue.

Tom

--
You received this message because you are subscribed to a topic in the Google Groups "Lucee" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/lucee/xpCWBzD2ci0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to lucee+un...@googlegroups.com.

To post to this group, send email to lu...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



--
Tom

Tom Chiverton

unread,
Jul 22, 2015, 9:42:46 AM7/22/15
to Lucee
Ohh, and also the URL from LDEV-292 that was problmatic, https://maps.googleapis.com/maps/api/geocode/json, returns fine on the server as well.

So I think something in the Lucee Admin must be different ?

Tom

Nando Breiter

unread,
Jul 22, 2015, 10:00:41 AM7/22/15
to lu...@googlegroups.com
Tom, Did you install the SSL cert on the server? I've seen this error with scheduled tasks over ssl - the solution has been to install the cert in the java keystore. Lucee makes this easy, I believe, with an UI feature in the administrator.



Aria Media Sagl
Via Rompada 40
6987 Caslano
Switzerland

+41 (0)91 600 9601
+41 (0)76 303 4477 cell
skype: ariamedia

--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.

Tom Chiverton

unread,
Jul 22, 2015, 10:06:24 AM7/22/15
to lu...@googlegroups.com

On 22 July 2015 at 15:00, Nando Breiter <na...@aria-media.com> wrote:
Tom, Did you install the SSL cert on the server?


I gave it a go and it didn't help.

--
Tom

Nando Breiter

unread,
Jul 22, 2015, 10:11:12 AM7/22/15
to lu...@googlegroups.com
have you you googled "peer not authenticated cfhttp" yet? I've spent a lot of time reading through search results returned on that query, as I've faced the same issue multiple times. 



Aria Media Sagl
Via Rompada 40
6987 Caslano
Switzerland

+41 (0)91 600 9601
+41 (0)76 303 4477 cell
skype: ariamedia

--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.

Nando Breiter

unread,
Jul 22, 2015, 10:22:09 AM7/22/15
to lu...@googlegroups.com
... suggested because that search term seems to be among the best to access the variety of issues that might be at play - it took me awhile to hit on it. www.coldfusionmuse.com has some of the best info on SSL certs. Some of it might spill over to Lucee because a lot of it is JVM rather than engine based.



Aria Media Sagl
Via Rompada 40
6987 Caslano
Switzerland

+41 (0)91 600 9601
+41 (0)76 303 4477 cell
skype: ariamedia

Andrew Dixon

unread,
Jul 22, 2015, 11:22:18 AM7/22/15
to lu...@googlegroups.com
Did you update the JAR files? These are not included by the automatic updater? You need to download them and update them manually and then restart you servlet container:


Also there is another ticket on 4.5.2.000 (currently on the "dev" channel only) that fixes further SSL issues.


Kind regards,

Andrew

Tom Chiverton

unread,
Jul 23, 2015, 4:31:59 AM7/23/15
to Lucee, andrew...@gmail.com
I took the three jars from LDEV-292 and the error changed to

Exception in thread "Thread-10" java.lang.NoClassDefFoundError: org/apache/http/client/methods/HttpUriRequest
        at lucee.commons.net.http.HTTPEngine.header(HTTPEngine.java:115)
        at lucee.runtime.schedule.ExecutionThread.execute(ExecutionThread.java:85)
        at lucee.runtime.schedule.ExecutionThread.run(ExecutionThread.java:58)
Caused by: java.lang.ClassNotFoundException: org.apache.http.client.methods.HttpUriRequest
        at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
        at lucee.loader.classloader.LuceeClassLoader.loadClass(Unknown Source)
        at lucee.loader.classloader.LuceeClassLoader.loadClass(Unknown Source)
        ... 3 more

Taking just the two you linked to instead gives

Exception in thread "Thread-12" java.lang.NoClassDefFoundError: org/apache/http/config/Lookup
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:760)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:467)
        at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:368)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
        at java.lang.Class.getDeclaredMethods0(Native Method)
        at java.lang.Class.privateGetDeclaredMethods(Class.java:2701)
        at java.lang.Class.privateGetMethodRecursive(Class.java:3048)
        at java.lang.Class.getMethod0(Class.java:3018)
        at java.lang.Class.privateGetMethodRecursive(Class.java:3058)
        at java.lang.Class.getMethod0(Class.java:3018)
        at java.lang.Class.getMethod(Class.java:1784)
        at lucee.commons.net.http.httpclient4.HTTPEngine4Impl.execute(HTTPEngine4Impl.java:415)

        at lucee.commons.net.http.httpclient4.HTTPEngine4Impl._invoke(HTTPEngine4Impl.java:252)
        at lucee.commons.net.http.httpclient4.HTTPEngine4Impl.get(HTTPEngine4Impl.java:112)
        at lucee.commons.net.http.HTTPEngine.get(HTTPEngine.java:86)
        at lucee.runtime.schedule.ExecutionThread.execute(ExecutionThread.java:108)
        at lucee.runtime.schedule.ExecutionThread.run(ExecutionThread.java:58)
Caused by: java.lang.ClassNotFoundException: org.apache.http.config.Lookup
        at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
        ... 24 more

Tom
Reply all
Reply to author
Forward
0 new messages