[
https://issues.apache.org/jira/browse/HTTPCLIENT-2311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hakan Altindag updated HTTPCLIENT-2311:
---------------------------------------
Description:
The Apache Http Client in version 5.2.2 stopped working. It fails to initialize
because it tries to use a proxy while it is not specified and also not needed
at all. It was working until version 5.2.1 but now it fails.
The stacktrace:
{code:java}
java.lang.IllegalArgumentException: Invalid Proxy
at java.base/java.net.Socket.<init>(Socket.java:177) at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory.createSocket(SSLConnectionSocketFactory.java:208)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:158)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:447)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:162)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:172)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ConnectExec.execute(ConnectExec.java:142)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ProtocolExec.execute(ProtocolExec.java:192)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec.execute(HttpRequestRetryExec.java:96)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ContentCompressionExec.execute(ContentCompressionExec.java:152)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.RedirectExec.execute(RedirectExec.java:115)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:170)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:123)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at
nl.altindag.ssl.apache5/nl.altindag.ssl.apache5.SSLFactoryIT.executeHttpsRequestWithMutualAuthentication(SSLFactoryIT.java:89)
at java.base/java.lang.reflect.Method.invoke(Method.java:568) at
java.base/java.util.ArrayList.forEach(ArrayList.java:1511) at
java.base/java.util.ArrayList.forEach(ArrayList.java:1511) {code}
The failing build pipeline:
[https://github.com/Hakky54/sslcontext-kickstart/pull/414]
The failing integration test:
[https://github.com/Hakky54/sslcontext-kickstart/blob/da231f1c5a849c8e80f0367fe780c495b428cb62/sslcontext-kickstart-for-apache5/src/test/java/nl/altindag/ssl/apache5/SSLFactoryIT.java#L73]
The ssl configuration is built with the following snippet within my library to
make it easier for my end-user to use the library alongside with the apache
http client:
{code:java}
public static LayeredConnectionSocketFactory toSocketFactory(SSLFactory
sslFactory) {
return new SSLConnectionSocketFactory(
sslFactory.getSslContext(),
sslFactory.getSslParameters().getProtocols(),
sslFactory.getSslParameters().getCipherSuites(),
sslFactory.getHostnameVerifier()
);
} {code}
The failing test code snippet is below and can be viewed also with the
following link:
[https://github.com/Hakky54/sslcontext-kickstart/blob/da231f1c5a849c8e80f0367fe780c495b428cb62/sslcontext-kickstart-for-apache5/src/test/java/nl/altindag/ssl/apache5/SSLFactoryIT.java#L73]
{code:java}
@Test
void executeHttpsRequestWithMutualAuthentication() throws IOException {
SSLFactory sslFactoryForClient = SSLFactory.builder()
.withIdentityMaterial("keystore/client-server/client-one/identity.jks",
"secret".toCharArray())
.withTrustMaterial("keystore/client-server/client-one/truststore.jks",
"secret".toCharArray())
.build();
LayeredConnectionSocketFactory socketFactory =
Apache5SslUtils.toSocketFactory(sslFactoryForClient);
PoolingHttpClientConnectionManager connectionManager =
PoolingHttpClientConnectionManagerBuilder.create()
.setSSLSocketFactory(socketFactory)
.build();
HttpClient httpClient = HttpClients.custom()
.setConnectionManager(connectionManager)
.build();
HttpGet request = new HttpGet("https://localhost:8443/api/hello";);
HttpResponse response = httpClient.execute(request);
int statusCode = response.getCode();
assertThat(statusCode).isEqualTo(200);
} {code}
To reproduce:
{code:java}
git clone https://github.com/Hakky54/sslcontext-kickstart.git
cd sslcontext-kickstart
git switch dependabot/maven/org.apache.httpcomponents.client5-httpclient5-5.2.2
mvn install {code}
was:
The Apache Http Client in version 5.2.2 stopped working. It fails to initialize
because it tries to use a proxy while it is not specified and also not needed
at all. It was working until version 5.2.1 but now it fails.
The stacktrace:
{code:java}
java.lang.IllegalArgumentException: Invalid Proxy
at java.base/java.net.Socket.<init>(Socket.java:177) at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory.createSocket(SSLConnectionSocketFactory.java:208)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:158)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:447)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:162)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:172)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ConnectExec.execute(ConnectExec.java:142)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ProtocolExec.execute(ProtocolExec.java:192)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec.execute(HttpRequestRetryExec.java:96)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ContentCompressionExec.execute(ContentCompressionExec.java:152)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.RedirectExec.execute(RedirectExec.java:115)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:170)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:123)
at
org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at
nl.altindag.ssl.apache5/nl.altindag.ssl.apache5.SSLFactoryIT.executeHttpsRequestWithMutualAuthentication(SSLFactoryIT.java:89)
at java.base/java.lang.reflect.Method.invoke(Method.java:568) at
java.base/java.util.ArrayList.forEach(ArrayList.java:1511) at
java.base/java.util.ArrayList.forEach(ArrayList.java:1511) {code}
The failing build pipeline:
[https://github.com/Hakky54/sslcontext-kickstart/pull/414]
The failing integration test:
[https://github.com/Hakky54/sslcontext-kickstart/blob/da231f1c5a849c8e80f0367fe780c495b428cb62/sslcontext-kickstart-for-apache5/src/test/java/nl/altindag/ssl/apache5/SSLFactoryIT.java#L73]
The ssl configuration is built with the following snippet within my library to
make it easier for my end-user to use the library alongside with the apache
http client:
{code:java}
public static LayeredConnectionSocketFactory toSocketFactory(SSLFactory
sslFactory) {
return new SSLConnectionSocketFactory(
sslFactory.getSslContext(),
sslFactory.getSslParameters().getProtocols(),
sslFactory.getSslParameters().getCipherSuites(),
sslFactory.getHostnameVerifier()
);
} {code}
The failing test code snippet is below and can be viewed also with the
following link:
[https://github.com/Hakky54/sslcontext-kickstart/blob/da231f1c5a849c8e80f0367fe780c495b428cb62/sslcontext-kickstart-for-apache5/src/test/java/nl/altindag/ssl/apache5/SSLFactoryIT.java#L73]
{code:java}
@Test
void executeHttpsRequestWithMutualAuthentication() throws IOException {
SSLFactory sslFactoryForClient = SSLFactory.builder()
.withIdentityMaterial("keystore/client-server/client-one/identity.jks",
"secret".toCharArray())
.withTrustMaterial("keystore/client-server/client-one/truststore.jks",
"secret".toCharArray())
.build();
LayeredConnectionSocketFactory socketFactory =
Apache5SslUtils.toSocketFactory(sslFactoryForClient);
PoolingHttpClientConnectionManager connectionManager =
PoolingHttpClientConnectionManagerBuilder.create()
.setSSLSocketFactory(socketFactory)
.build();
HttpClient httpClient = HttpClients.custom()
.setConnectionManager(connectionManager)
.build();
HttpGet request = new HttpGet("https://localhost:8443/api/hello";);
HttpResponse response = httpClient.execute(request);
int statusCode = response.getCode();
assertThat(statusCode).isEqualTo(200);
} {code}
> Http Client not working anymore with SSL configuration
> ------------------------------------------------------
>
> Key: HTTPCLIENT-2311
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2311
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 5.2.2
> Reporter: Hakan Altindag
> Priority: Major
> Fix For: 5.2.1
>
>
> The Apache Http Client in version 5.2.2 stopped working. It fails to
> initialize because it tries to use a proxy while it is not specified and also
> not needed at all. It was working until version 5.2.1 but now it fails.
> The stacktrace:
>
> {code:java}
> java.lang.IllegalArgumentException: Invalid Proxy
> at java.base/java.net.Socket.<init>(Socket.java:177) at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory.createSocket(SSLConnectionSocketFactory.java:208)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:158)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:447)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:162)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:172)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ConnectExec.execute(ConnectExec.java:142)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ProtocolExec.execute(ProtocolExec.java:192)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec.execute(HttpRequestRetryExec.java:96)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ContentCompressionExec.execute(ContentCompressionExec.java:152)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.RedirectExec.execute(RedirectExec.java:115)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:170)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:123)
> at
> org.apache.httpcomponents.client5.httpclient5@5.2.2/org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:55)
> at
> nl.altindag.ssl.apache5/nl.altindag.ssl.apache5.SSLFactoryIT.executeHttpsRequestWithMutualAuthentication(SSLFactoryIT.java:89)
> at java.base/java.lang.reflect.Method.invoke(Method.java:568) at
> java.base/java.util.ArrayList.forEach(ArrayList.java:1511) at
> java.base/java.util.ArrayList.forEach(ArrayList.java:1511) {code}
> The failing build pipeline:
> [https://github.com/Hakky54/sslcontext-kickstart/pull/414]
>
> The failing integration test:
> [https://github.com/Hakky54/sslcontext-kickstart/blob/da231f1c5a849c8e80f0367fe780c495b428cb62/sslcontext-kickstart-for-apache5/src/test/java/nl/altindag/ssl/apache5/SSLFactoryIT.java#L73]
>
> The ssl configuration is built with the following snippet within my library
> to make it easier for my end-user to use the library alongside with the
> apache http client:
> {code:java}
> public static LayeredConnectionSocketFactory toSocketFactory(SSLFactory
> sslFactory) {
> return new SSLConnectionSocketFactory(
> sslFactory.getSslContext(),
> sslFactory.getSslParameters().getProtocols(),
> sslFactory.getSslParameters().getCipherSuites(),
> sslFactory.getHostnameVerifier()
> );
> } {code}
> The failing test code snippet is below and can be viewed also with the
> following link:
> [https://github.com/Hakky54/sslcontext-kickstart/blob/da231f1c5a849c8e80f0367fe780c495b428cb62/sslcontext-kickstart-for-apache5/src/test/java/nl/altindag/ssl/apache5/SSLFactoryIT.java#L73]
> {code:java}
> @Test
> void executeHttpsRequestWithMutualAuthentication() throws IOException {
> SSLFactory sslFactoryForClient = SSLFactory.builder()
>
> .withIdentityMaterial("keystore/client-server/client-one/identity.jks",
> "secret".toCharArray())
>
> .withTrustMaterial("keystore/client-server/client-one/truststore.jks",
> "secret".toCharArray())
> .build();
> LayeredConnectionSocketFactory socketFactory =
> Apache5SslUtils.toSocketFactory(sslFactoryForClient);
> PoolingHttpClientConnectionManager connectionManager =
> PoolingHttpClientConnectionManagerBuilder.create()
> .setSSLSocketFactory(socketFactory)
> .build();
> HttpClient httpClient = HttpClients.custom()
> .setConnectionManager(connectionManager)
> .build();
> HttpGet request = new HttpGet("https://localhost:8443/api/hello";);
> HttpResponse response = httpClient.execute(request);
> int statusCode = response.getCode();
> assertThat(statusCode).isEqualTo(200);
> } {code}
>
> To reproduce:
> {code:java}
> git clone https://github.com/Hakky54/sslcontext-kickstart.git
> cd sslcontext-kickstart
> git switch
> dependabot/maven/org.apache.httpcomponents.client5-httpclient5-5.2.2
> mvn install {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
