P4
FULL PRODUCT VERSION :
java version "1.7.0_67"
Java(TM) SE Runtime Environment (build 1.7.0_67-b01)
Java HotSpot(TM) Client VM (build 24.65-b04, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
irrelevant
Microsoft Windows [verziószám: 6.1.7601]
EXTRA RELEVANT SYSTEM CONFIGURATION :
irrelevant
A DESCRIPTION OF THE PROBLEM :
Set java.net.useSystemProxies=true.
You use a http CONNECT proxy to access remote sites. (With basic auth, but I don't think it matters.)
The remote site requires SSL client authentication.
Your certificate has expired.
Now when you call HttpsURLConnection.getInputStream(), it will NOT throw "javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired". Instead, it tries to call CONNECT method on the remote site.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
see Description
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired
ACTUAL -
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method CONNECT is not allowed for the URL /index.html.</p>
<hr>
<address>Apache/2.2 Server at ... Port 443</address>
</body></html>
ERROR MESSAGES/STACK TRACES THAT OCCUR :
When using "-Djavax.net.debug=ssl", you'll see
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Patching JDK :(
sun.net.www.http.HttpClient
parseHTTP
} catch (IOException e) {
closeServer();
cachedHttpClient = false;
if (!failedOnce && requests != null) {
failedOnce = true;
/* if (getRequestMethod().equals("CONNECT") ||
(httpuc.getRequestMethod().equals("POST") &&
(!retryPostProp || streaming))) {
// do not retry the request
} else {
// try once more
openServer();
if (needsTunneling()) {
httpuc.doTunneling();
}
afterConnect();
writeRequests(requests, poster);
return parseHTTP(responses, pi, httpuc);
} **The above code causes this problem** */
}
throw e;
}
java version "1.7.0_67"
Java(TM) SE Runtime Environment (build 1.7.0_67-b01)
Java HotSpot(TM) Client VM (build 24.65-b04, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
irrelevant
Microsoft Windows [verziószám: 6.1.7601]
EXTRA RELEVANT SYSTEM CONFIGURATION :
irrelevant
A DESCRIPTION OF THE PROBLEM :
Set java.net.useSystemProxies=true.
You use a http CONNECT proxy to access remote sites. (With basic auth, but I don't think it matters.)
The remote site requires SSL client authentication.
Your certificate has expired.
Now when you call HttpsURLConnection.getInputStream(), it will NOT throw "javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired". Instead, it tries to call CONNECT method on the remote site.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
see Description
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired
ACTUAL -
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method CONNECT is not allowed for the URL /index.html.</p>
<hr>
<address>Apache/2.2 Server at ... Port 443</address>
</body></html>
ERROR MESSAGES/STACK TRACES THAT OCCUR :
When using "-Djavax.net.debug=ssl", you'll see
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_expired
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Patching JDK :(
sun.net.www.http.HttpClient
parseHTTP
} catch (IOException e) {
closeServer();
cachedHttpClient = false;
if (!failedOnce && requests != null) {
failedOnce = true;
/* if (getRequestMethod().equals("CONNECT") ||
(httpuc.getRequestMethod().equals("POST") &&
(!retryPostProp || streaming))) {
// do not retry the request
} else {
// try once more
openServer();
if (needsTunneling()) {
httpuc.doTunneling();
}
afterConnect();
writeRequests(requests, poster);
return parseHTTP(responses, pi, httpuc);
} **The above code causes this problem** */
}
throw e;
}