HTTP SSL Mutual Authentication Code worked in Apache HTTPClient 4.0.1 but fails in 4.1

I'm performing mutual authentication for a client to a server.

I have a server with a self signed certificate. I've created a java key store (trustStore) which includes that server in the trust store. I have a keystore which includes my certificate and private key. My certificate was signed by the server (the same which self-signed and is in my truststore). I've used the API to create a SSLSocketFactory that registers my keystore and truststore (similar to this post Mutual Authentication with x509 Certificates using HttpClient 4.0.1).

Using Apache HTTPClient 4.0.1 it all worked. I upgraded to 4.1 and other than having to reorder the arguments in the Scheme constructor the code is the same. However, now I get a javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Help, please?

I see there is a org.apache.http.conn.ssl.TrustSelfSignedStrategy in 4.1 but haven't found any examples of how to use it. I'm not even sure that I would want to use it. I'd have to make that a user choice, which would seem that it would be better for them to just give me their server certificate to add to my trust store. (http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ssl/TrustSelfSignedStrategy.html)

Below is the code:

    String doGet(URI uri, String acceptType) throws Exception 
    { 
            // To be replaced by common module. 
            String result = null; 
            DefaultHttpClient httpclient = new DefaultHttpClient(); 
            try 
            { 
                    SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, String.valueOf(keyStorePassword), trustStore); 
                    Scheme sch = new Scheme("https", 443, socketFactory); 
                    httpclient.getConnectionManager().getSchemeRegistry().register(sch); 

                    HttpGet httpget = new HttpGet(uri.toASCIIString()); 
                    httpget.addHeader("Accept", acceptType); 
                 开发者_运维百科   HttpResponse response = httpclient.execute(httpget); 
                    HttpEntity entity = response.getEntity(); 

                    result = IOUtils.getContent(entity.getContent()); 
            } finally 
            { 
                    httpclient.getConnectionManager().shutdown(); 
            } 

            return result; 
    } 

Below is the exception I get in 4.1:

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352) 
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) 
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390) 
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148) 
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149) 
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121) 
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:562) 
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415) 
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820) 
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754) 
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)

I posted this on the HTTPClient user list and after interacting with the developers a bug in 4.1 is found and is going to be fixed 4.1.1.

http://old.nabble.com/SSL-Mutual-Authentication-Code-worked-in-4.0.1-but-fails-in-4.1-tt31092864.html