HttpClient and requests over SSL


Mihai Cazacu

Dec 17, 2012, 5:29:47 AM
to ve...@googlegroups.com
Hi,

I have an app that is running on "https://localhost".

Now, I want to make a PUT request:

HttpClient httpClient = vertx.createHttpClient(
        host: 'localhost',
        port:  443,
        SSL: true,
        keyStorePath: "d:/server-keystore.jks",
        keyStorePassword: "wibble"
)
 
 
httpClient.put('/api/test', { HttpClientResponse resp ->
  println resp
  println "Got response ${resp.statusCode}"
  resp.bodyHandler { body ->  println "Got data ${body}" }
}).end()

and I've got this error:

javax.net.ssl.SSLHandshakeException: Failed to create SSL connection
...
Received fatal alert: certificate_unknown

If I call that URI using a REST client (e.g. http://code.google.com/p/rest-client/), it works.

Any ideas?

Thanks,
Mihai

Mihai Cazacu

Dec 17, 2012, 5:50:36 AM
to ve...@googlegroups.com
The full error:

javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1639)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1607)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1776)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1080)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1064)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:765)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:422)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:84)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.processSelectedKeys(AbstractNioWorker.java:471)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:332)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:35)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
17/12/2012 12:49:43 org.vertx.java.core.http.HttpClientRequest SEVERE: Unhandled exception 
javax.net.ssl.SSLHandshakeException: Failed to create SSL connection
at org.vertx.java.core.http.impl.DefaultHttpClient$5$1.operationComplete(DefaultHttpClient.java:392)
at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:428)
at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:414)
at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:381)
at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1253)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1132)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:765)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:422)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:311)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:565)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:560)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:84)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.processSelectedKeys(AbstractNioWorker.java:471)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:332)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:35)
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:102)
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)

javax.net.ssl.SSLException: SSLEngine is closing/closed
at sun.security.ssl.SSLEngineImpl.kickstartHandshake(SSLEngineImpl.java:692)
at sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:734)
at org.jboss.netty.handler.ssl.SslHandler.handshake(SslHandler.java:360)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1060)
at org.jboss.netty.handler.ssl.SslHandler.closeOutboundAndChannel(SslHandler.java:1269)
at org.jboss.netty.handler.ssl.SslHandler.handleDownstream(SslHandler.java:498)
at org.jboss.netty.handler.codec.oneone.OneToOneEncoder.handleDownstream(OneToOneEncoder.java:55)
at org.jboss.netty.handler.stream.ChunkedWriteHandler.handleDownstream(ChunkedWriteHandler.java:109)
at org.jboss.netty.channel.Channels.close(Channels.java:820)
at org.jboss.netty.channel.AbstractChannel.close(AbstractChannel.java:197)
at org.vertx.java.core.http.impl.DefaultHttpServer$ServerHandler.exceptionCaught(DefaultHttpServer.java:554)
at org.jboss.netty.handler.stream.ChunkedWriteHandler.handleUpstream(ChunkedWriteHandler.java:142)
at org.jboss.netty.handler.codec.frame.FrameDecoder.exceptionCaught(FrameDecoder.java:378)
at org.jboss.netty.handler.codec.frame.FrameDecoder.exceptionCaught(FrameDecoder.java:378)
at org.jboss.netty.handler.ssl.SslHandler.exceptionCaught(SslHandler.java:593)
at org.jboss.netty.channel.Channels.fireExceptionCaught(Channels.java:533)
at org.jboss.netty.channel.AbstractChannelSink.exceptionCaught(AbstractChannelSink.java:49)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:84)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.processSelectedKeys(AbstractNioWorker.java:471)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:332)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:35)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)

Tim Fox

Dec 17, 2012, 6:18:00 AM
to ve...@googlegroups.com
Take a look at the ssl example in the distro, and try and figure out what is different with your app.

Mihai Cazacu

Dec 17, 2012, 6:25:17 AM
to ve...@googlegroups.com
Thanks, Tim. It seems that I need to add 'trustAll' property.

Tim Fox

Dec 17, 2012, 6:31:07 AM
to ve...@googlegroups.com
On 17/12/2012 11:25, Mihai Cazacu wrote:
> Thanks, Tim. It seems that I need to add 'trustAll' property.

Please understand what trustAll does before setting it to true (take a look at the docs).

Setting trustAll to true means the client will trust ALL server-side certificates, so this might make you susceptible to man-in-the-middle attacks.



Mihai Cazacu

Dec 17, 2012, 6:59:51 AM
to ve...@googlegroups.com
Thanks for the advice! In production I will not use this setting. For now, it is OK since I run the apps on my local machine.
Mihai Cazacu
Software Engineer
E-mail: cazacu...@gmail.com
Mobile: +40 745 254 657
Skype: cazacugmihai
Twitter: cazacugmihai
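
What a setup without trustAll can look like, as an added example that is not part of the original thread: it copies only the certificate out of the server key store from the first post into a separate client trust store, then points the client at it with the Vert.x 1.x `trustStorePath` / `trustStorePassword` client properties. The trust store file name, the reuse of the `wibble` password and the assumption that the server presents a self-signed certificate are illustrative.

```groovy
import java.security.KeyStore

// Server key store path and password come from the first post;
// the client trust store file name is a hypothetical choice.
def serverKeyStorePath   = 'd:/server-keystore.jks'
def clientTrustStorePath = 'd:/client-truststore.jks'
char[] password = 'wibble'.toCharArray()

// 1. Load the server key store (it holds the private key AND the certificate).
KeyStore serverStore = KeyStore.getInstance('JKS')
new File(serverKeyStorePath).withInputStream { serverStore.load(it, password) }

// 2. Build a trust store that contains the certificate only.
//    The private key is never copied, so this file is safe to hand to clients.
KeyStore trustStore = KeyStore.getInstance('JKS')
trustStore.load(null, null)                       // start from an empty store
Collections.list(serverStore.aliases()).each { String alias ->
    def cert = serverStore.getCertificate(alias)  // leaf certificate for key entries
    if (cert != null) {
        trustStore.setCertificateEntry(alias, cert)
    }
}
new File(clientTrustStorePath).withOutputStream { trustStore.store(it, password) }

// 3. Configure the client with a trust store instead of trustAll.
//    keyStorePath is not needed here: a key store carries the client's own
//    identity and is only required when the server asks for client certificates.
def httpClient = vertx.createHttpClient(
        host: 'localhost',
        port: 443,
        SSL: true,
        trustStorePath: clientTrustStorePath,
        trustStorePassword: 'wibble'
)

// The handshake now succeeds only if the server presents a certificate
// that chains to an entry in the trust store.
httpClient.put('/api/test', { resp ->
    println "Got response ${resp.statusCode}"
    resp.bodyHandler { body -> println "Got data ${body}" }
}).end()
```

Steps 1 and 2 belong on the machine that already holds the server key store; only the resulting trust store file is distributed to clients.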

