From: SCHIEFELBEIN, A. (ATTSI) <as...@at...> - 2010-03-09 16:18:21
Greetings,

We're trying to implement mutual SSL support with the Jetty HTTP Client and are getting a bit hung up. When attempting this:

    private static void httpsTest(HttpClient httpClient) {
        try {
            HttpClient httpsClient = new HttpClient();
            httpsClient.setConnectorType(HttpClient.CONNECTOR_SELECT_CHANNEL);
            httpsClient.setKeyManagerPassword("password");
            httpsClient.setKeyStoreLocation("etc/keystore.jks");
            httpsClient.setKeyStorePassword("password");
            httpsClient.setTrustStoreLocation("etc/keystore.jks");
            httpsClient.setTrustStorePassword("password");
            httpsClient.start();
            contentExchange = new ContentExchange();
            httpsClient.setConnectorType(HttpClient.CONNECTOR_SELECT_CHANNEL);
            contentExchange.setMethod("GET");
            contentExchange.setURL(httpsURL);
            contentExchange.setScheme(HttpSchemes.HTTPS_BUFFER);
            httpsClient.send(contentExchange);
            contentExchange.waitForDone();
            printHTTPResponse(contentExchange, "HTTPS");
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }

We get this:

    2010-03-09 09:34:19.800:WARN::SSL renegotiate denied: java.nio.channels.SocketChannel[connected local=/localhost:1175 remote=host/hostname:443]
    2010-03-09 09:34:19.800:WARN::EXCEPTION ContentExchange@32794782=GET//hostname:443/MutualSSL#9
    org.eclipse.jetty.io.EofException
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:310)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203)
        at org.eclipse.jetty.client.HttpConnection.handle(HttpConnection.java:239)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:462)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
        at java.lang.Thread.run(Unknown Source)

A quick look at the http server logs (when set to debug the ssl traffic) reveals:

    [Tue Mar 09 09:43:53 2010] [debug] ssl_engine_kernel.c(1907): OpenSSL: Exit: failed in SSLv3 read client certificate A
    [Tue Mar 09 09:43:53 2010] [error] [client 10.160.249.123] Re-negotiation handshake failed: Not accepted by client!?
    [Tue Mar 09 09:43:53 2010] [debug] ssl_engine_io.c(1869): OpenSSL: I/O error, 5 bytes expected to read on BIO#b09b2f0 [mem: b0a29c0]
    [Tue Mar 09 09:43:53 2010] [info] [client 10.160.249.123] (104)Connection reset by peer: SSL input filter read failed.
    [Tue Mar 09 09:43:53 2010] [info] [client 10.160.249.123] (32)Broken pipe: core_output_filter: writing data to the network

Any guidance would be much appreciated.

Thanks
Andy