Name: nt126004 Date: 01/17/2002


FULL PRODUCT VERSION :
java version "1.3.1"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1-b24)
Java HotSpot(TM) Client VM (build 1.3.1-b24, mixed mode)

FULL OPERATING SYSTEM VERSION :
WINDOWS 2000 Professional



EXTRA RELEVANT SYSTEM CONFIGURATION :
Accessing through the proxy server (IIS 2000 Professional)
JDK 1.3.

A DESCRIPTION OF THE PROBLEM :
We are trying to access secure site with java client using
SSL through the proxy server. We are able to access the
https://www.verisign.com successfully. When trying to
access some other site such as http://www.apache-ssl.org or
our site (working on Apache mod_ssl 1.3.20) we repetedly
get the above pasted error.
This is possibly a duplicate of 4314398, not sure.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1.try to access https://www.thawte.com from a java client
application using sun's security provider
2.
3.

EXPECTED VERSUS ACTUAL BEHAVIOR :
Should be able to get the HTML content of desired page

This bug can be reproduced always.


ERROR MESSAGES THAT APPEAR :
Inside our SSLTunnelSocketFactory.... createSocket..tunnel..::Socket[addr=PROXY-
FTP/172.16.0.23,port=80,localport=1331] createSocket..tunnelHost..::172.16.0.23
createSocket..tunnelPort..::80 doTunnelHandshake..After..:: Cipher Suite
Enabled...::[Ljava.lang.String;@61d36b Cipher Suite Enabled...::
[Ljava.lang.String;@7f1ba3 Cipher Suite...::SSL_RSA_WITH_RC4_128_SHA Cipher
Suite strSupportedCipherSuites...::SSL_DHE_DSS_WITH_DES_CBC_SHA Cipher Suite
strSupportedCipherSuites...::SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA Cipher Suite
strSupportedCipherSuites...::SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA Cipher Suite
strSupportedCipherSuites...::SSL_RSA_WITH_RC4_128_MD5 In Side :: Cipher Suite
strSupportedCipherSuites...::SSL_RSA_WITH_RC4_128_MD5 Cipher Suite
strSupportedCipherSuites...::SSL_RSA_WITH_RC4_128_SHA Cipher Suite
strSupportedCipherSuites...::SSL_RSA_WITH_DES_CBC_SHA Cipher Suite
strSupportedCipherSuites...::SSL_RSA_WITH_3DES_EDE_CBC_SHA Cipher Suite
strSupportedCipherSuites...::SSL_RSA_EXPORT_WITH_RC4_40_MD5 Cipher
Suite...::SSL_RSA_WITH_RC4_128_SHA result..After..:: Handshake finished!
CipherSuite:SSL_RSA_WITH_RC4_128_SHA SessionId [Session-1,
SSL_RSA_WITH_RC4_128_SHA] PeerHost www.apache-ssl.org
createSocket..tunnel..::Socket[addr=PROXY-
FTP/172.16.0.23,port=80,localport=1333] createSocket..tunnelHost..::172.16.0.23
createSocket..tunnelPort..::80 doTunnelHandshake..After..:: Cipher Suite
Enabled...::[Ljava.lang.String;@76cbf7 Cipher Suite Enabled...::
[Ljava.lang.String;@48cc8c Cipher Suite...::SSL_RSA_WITH_RC4_128_SHA Cipher
Suite strSupportedCipherSuites...::SSL_DHE_DSS_WITH_DES_CBC_SHA Cipher Suite
strSupportedCipherSuites...::SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA Cipher Suite
strSupportedCipherSuites...::SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA Cipher Suite
strSupportedCipherSuites...::SSL_RSA_WITH_RC4_128_MD5 In Side :: Cipher Suite
strSupportedCipherSuites...::SSL_RSA_WITH_RC4_128_MD5 Cipher Suite
strSupportedCipherSuites...::SSL_RSA_WITH_RC4_128_SHA Cipher Suite
strSupportedCipherSuites...::SSL_RSA_WITH_DES_CBC_SHA Cipher Suite
strSupportedCipherSuites...::SSL_RSA_WITH_3DES_EDE_CBC_SHA Cipher Suite
strSupportedCipherSuites...::SSL_RSA_EXPORT_WITH_RC4_40_MD5 Cipher
Suite...::SSL_RSA_WITH_RC4_128_SHA result..After..:: Handshake finished!
CipherSuite:SSL_RSA_WITH_RC4_128_SHA SessionId [Session-2,
SSL_RSA_WITH_RC4_128_SHA] PeerHost www.apache-ssl.org
java.net.SocketException:
Unexpected end of file from server at
com.sun.net.ssl.internal.www.protocol.https.HttpClient.b([DashoPro-V1.2-
120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpClient.a
([DashoPro-V1.2-120198])
  at
com.sun.net.ssl.internal.www.protocol.https.HttpClient.b([DashoPro-V1.2-
120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpClient.a
([DashoPro-V1.2-120198])
  at
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream
([DashoPro-V1.2-120198])
  at URLTunnelReader.main
(URLTunnelReader.java:67) @@@@@Unexpected end of file from server@@@@Unexpected
end of file from server Process Exit...

---------- BEGIN SOURCE ----------
import java.net.*;
import java.io.*;
import java.security.*;
/*
 * This example illustrates using a URL to access resources
 * on a secure site from behind the firewall using the SSLTunnelSocketFactory.
 *
 */

public class URLTunnelReader {
   private final static String proxyHost = "172.16.0.23";
   private final static String proxyPort = "80";
   
   public static void main(String[] args) throws Exception {
      System.setProperty
("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
      java.security.Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());

      System.setProperty("https.proxyHost",proxyHost);
      System.setProperty("https.proxyPort",proxyPort);
// System.setProperty("javax.net.debug", "all");

      
// URL verisign = new URL
("https://203.122.29.77/cittera/servlet/TestSSLProxyServer");
// URL verisign = new URL("https://203.122.29.77/index.html.en");
    URL verisign = new URL("https://www.apache-ssl.org");
   // URL verisign = new URL("https://www.verisign.com");
//http://java.sun.com/security/ssl/javax.net.ssl.SSLSocket.html#setEnabledCipher
Suites(java.lang.String[])
      URLConnection con = verisign.openConnection(); //from secure site

      con.setRequestProperty("CONTENT_TYPE","application/octet-stream");
      con.setDoInput(true);
      con.setDoOutput(true);
      con.setUseCaches(false);

      if(con instanceof com.sun.net.ssl.HttpsURLConnection){
// java.lang.System.out.println("Cipher:::"+
((com.sun.net.ssl.HttpsURLConnection)con).getCipherSuite());
         ((com.sun.net.ssl.HttpsURLConnection)con).setSSLSocketFactory
                           (new SSLTunnelSocketFactory(proxyHost,proxyPort));
      }
      

/*
ObjectOutputStream objectoutputstream = new ObjectOutputStream
(con.getOutputStream());
objectoutputstream.writeObject(new Integer(1));
java.lang.System.err.println(" ServletMessage ::
objectoutputstream::"+objectoutputstream);
objectoutputstream.flush();
objectoutputstream.close();
objectoutputstream = null;

try
{

ObjectInputStream objectinputstream = new
ObjectInputStream(con.getInputStream());
String strValue = (String)objectinputstream.readObject
();
objectinputstream.close();
objectinputstream = null;
java.lang.System.out.println("After reading objects from
Stream....strValue...."+strValue );
System.out.println("Before Object read");
}
catch (Exception e) {
e.printStackTrace();
}
*/
try
{
//java.lang.System.out.println("Connection :: "+con);
BufferedReader in = new BufferedReader(new InputStreamReader
(con.getInputStream()));

String inputLine;

while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);

in.close();
}
catch (Exception e) {
e.printStackTrace();
System.out.println("@@@@@" + e.getMessage()
+"@@@@"+e.getLocalizedMessage());
}

   }
}
******************************************************************************
2nd file
******************************************************************************

import java.net.*;
import java.io.*;
import java.lang.*;
import javax.net.ssl.*;
import java.security.*;


public class SSLTunnelSocketFactory extends SSLSocketFactory
{
   private SSLSocketFactory dfactory;
   private String tunnelHost;
   private int tunnelPort;
   //private String host = "www.verisign.com";
  // private String host = "203.122.29.77";

   private String host = "www.apache-ssl.org";
   private int port = 443;
      
   public SSLTunnelSocketFactory(String proxyhost, String proxyport){
   System.setProperty
("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
   java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider
());
   java.lang.System.err.println("Inside our SSLTunnelSocketFactory....");
      tunnelHost = proxyhost;
      tunnelPort = Integer.parseInt(proxyport);
      dfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
   }
   
   public Socket createSocket(String host, int port)
                              throws IOException, UnknownHostException
   {
      return createSocket(null,host,port,true);
   }
   
   public Socket createSocket(String host,int port,InetAddress clientHost,
                              int clientPort)
                              throws IOException,UnknownHostException
   {
      return createSocket(null,host,port,true);
   }
   
   public Socket createSocket(InetAddress host,int port)
                              throws IOException
   {
      return createSocket(null,host.getHostName(),port,true);
   }
   
   public Socket createSocket(InetAddress address,int port,
                              InetAddress clientAddress,int clientPort)
                              throws IOException
   {
      return createSocket(null,address.getHostName(),port,true);
   }
   
   public Socket createSocket(Socket s, String host, int port,
                              boolean autoClose)
                              throws IOException,UnknownHostException
   {
SSLSocket result = null;
try
{

Socket tunnel = new Socket(tunnelHost,tunnelPort);
java.lang.System.out.println
("createSocket..tunnel..::"+tunnel);
java.lang.System.out.println
("createSocket..tunnelHost..::"+tunnelHost);
java.lang.System.out.println
("createSocket..tunnelPort..::"+tunnelPort);

doTunnelHandshake(tunnel,host,port);
java.lang.System.err.println("doTunnelHandshake..After..::");


System.setProperty
("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");


java.security.Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());

result = (SSLSocket)dfactory.createSocket(tunnel,host,port,true);

java.lang.System.out.println("Cipher Suite
Enabled...::"+result.getSupportedCipherSuites());
java.lang.System.out.println("Cipher Suite
Enabled...::"+result.getEnabledCipherSuites());
java.lang.System.out.println("Cipher Suite...::"+result.getSession
().getCipherSuite());

String[] strArray = result.getEnabledCipherSuites();
for(int i=0; i<strArray.length; i++)
{
String strSupportedCipherSuites = (String)strArray[i];
java.lang.System.out.println("Cipher Suite
strSupportedCipherSuites...::"+strSupportedCipherSuites);
if (strSupportedCipherSuites.equals
("SSL_RSA_WITH_RC4_128_MD5"))
{
java.lang.System.out.println("In Side :: Cipher
Suite strSupportedCipherSuites...::"+strSupportedCipherSuites);
// result.setEnabledCipherSuites
("SSL_RSA_WITH_RC4_128_MD5");
String[] strArrayNew =
{"SSL_RSA_WITH_RC4_128_MD5"};

}
}
// String[] strCiph = new String[1];
// strCiph[0] = "SSL_RSA_WITH_RC4_128_MD5";
// result.setEnabledCipherSuites(strCiph);
java.lang.System.out.println("Cipher
Suite...::"+result.getSession().getCipherSuite());

java.lang.System.err.println("result..After..::");

result.addHandshakeCompletedListener(
new HandshakeCompletedListener() {
public void handshakeCompleted(HandshakeCompletedEvent event) {
System.out.println("Handshake finished!");
System.out.println(
"\t CipherSuite:" + event.getCipherSuite());
System.out.println(
"\t SessionId " + event.getSession());
System.out.println(
"\t PeerHost " + event.getSession().getPeerHost());
}
}
);

result.startHandshake();
}
      catch (Exception e) {
       e.printStackTrace();
      }
      return result;
   }
    
   private void doTunnelHandshake(Socket tunnel, String host, int port)
                                    throws IOException
   {
      OutputStream out = tunnel.getOutputStream();
      String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n"
                  + "User-Agent: "
                  + sun.net.www.protocol.http.HttpURLConnection.userAgent
                  + "\r\n\r\n";
      byte b[];
      try {
         /*
         * We really do want ASCII7 -- the http protocol doesn't change
         * with locale.
         */
         b = msg.getBytes("ASCII7");
      } catch (UnsupportedEncodingException ignored) {
         /*
         * If ASCII7 isn't there, something serious is wrong, but
         * Paranoia Is Good (tm)
         */
         b = msg.getBytes();
      }
      out.write(b);
      out.flush();
      
      /*
      * We need to store the reply so we can create a detailed
      * error message to the user.
      */
      byte reply[] = new byte[200];
      int replyLen = 0;
      int newlinesSeen = 0;
      boolean headerDone = false; /* Done on first newline */
      
      InputStream in = tunnel.getInputStream();
      boolean error = false;
      
      while (newlinesSeen < 2) {
         int i = in.read();
         if (i < 0) {
            throw new IOException("Unexpected EOF from proxy");
         }
         if (i == '\n') {
            headerDone = true;
            ++newlinesSeen;
         } else if (i != '\r') {
            newlinesSeen = 0;
            if (!headerDone && replyLen < reply.length) {
               reply[replyLen++] = (byte) i;
            }
         }
      }
      
      /*
      * Converting the byte array to a string is slightly wasteful
      * in the case where the connection was successful, but it's
      * insignificant compared to the network overhead.
      */
      String replyStr;
      try {
         replyStr = new String(reply, 0, replyLen, "ASCII7");
      } catch (UnsupportedEncodingException ignored) {
         replyStr = new String(reply, 0, replyLen);
      }
      
      /* Look for 200 connection established */
      if(replyStr.toLowerCase().indexOf("200 connection established") == -1){
         throw new IOException("Unable to tunnel through "
                                + tunnelHost + ":" + tunnelPort
                                + ". Proxy returns \"" + replyStr + "\"");
      }
      
      /* tunneling Handshake was successful! */
   }
   
   public String[] getDefaultCipherSuites(){
      return dfactory.getDefaultCipherSuites();
   }
   
   public String[] getSupportedCipherSuites(){
      return dfactory.getSupportedCipherSuites();
   }
}
---------- END SOURCE ----------
(Review ID: 137986)
======================================================================