Closed rogerhill01234 closed 8 years ago
AbstractHttpTransport default constructor uses deprecated DefaultHttpClient. Need to use HttpClientBuilder with useSystemProperties() now. Should this be a more general mechanism to set a custom HttpClient in the DefaultHttpsTransport instance? Dependency Injection would be nice here, but just a setter for the httpClient instance might do the trick.
Looks like you could do new ConsulClient(new ConsulRawClient(HttpClient)). And to clarify, Spring Cloud Consul uses ConsulClient, so when @rogerhill01234 says "we saw that Spring Consul library is using deprecated classes of http client" he means ConsulClient.
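One way to wire the suggestion above for two-way TLS, as an added example that is not code from the thread or from either project: the client key store and trust store are loaded explicitly into an `SSLContext`, so the handshake does not depend on the `javax.net.ssl.*` system properties being read by the HTTP client. It assumes httpclient 4.5.x with httpcore 4.4+ and that the three-argument `ConsulRawClient(String, int, HttpClient)` constructor is available in the consul-api version in use; the host, port and class name are placeholders.

```java
import com.ecwid.consul.v1.ConsulClient;
import com.ecwid.consul.v1.ConsulRawClient;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

import javax.net.ssl.SSLContext;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

public class MutualTlsConsulClientFactory {

    // Placeholder agent address (assumption, not taken from the thread).
    static final String AGENT_HOST = "https://consul.example.internal";
    static final int AGENT_PORT = 8501;

    /** Fails early if the store has no private key entry: a store that holds only
     *  trusted certificates gives the client nothing to answer a CertificateRequest with. */
    static void requirePrivateKey(File keyStoreFile, char[] storePassword) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keyStoreFile)) {
            ks.load(in, storePassword);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                return;
            }
        }
        throw new IllegalStateException("No private key entry in " + keyStoreFile);
    }

    static ConsulClient build(File keyStore, char[] keyStorePw, char[] keyPw,
                              File trustStore, char[] trustStorePw) throws Exception {
        requirePrivateKey(keyStore, keyStorePw);
        SSLContext sslContext = SSLContexts.custom()
                .loadKeyMaterial(keyStore, keyStorePw, keyPw)  // client certificate and key
                .loadTrustMaterial(trustStore, trustStorePw)   // CA for the Consul server certificate
                .build();
        HttpClient httpClient = HttpClients.custom()
                .setSSLContext(sslContext)
                .build();
        return new ConsulClient(new ConsulRawClient(AGENT_HOST, AGENT_PORT, httpClient));
    }

    public static void main(String[] args) throws Exception {
        // Reuses the same property names as the thread, but reads them explicitly.
        File ks = new File(System.getProperty("javax.net.ssl.keyStore"));
        char[] ksPw = System.getProperty("javax.net.ssl.keyStorePassword").toCharArray();
        File ts = new File(System.getProperty("javax.net.ssl.trustStore"));
        char[] tsPw = System.getProperty("javax.net.ssl.trustStorePassword").toCharArray();
        // Assumes the private key password equals the store password.
        ConsulClient client = build(ks, ksPw, ksPw, ts, tsPw);
        System.out.println("Leader: " + client.getStatusLeader().getValue());
    }
}
```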
spring-cloud-consul depends on httpclient 4.5.2, but consul-api depends on httpclient 4.2.5. There is no 'curated jar' to satisfy both requirements. spring-cloud-consul class ConsulAutoConfiguration uses @ConditionalOnMissingBean, so perhaps I can inject a ConsulClient created as you suggest, I will try it. Thanks for the input.
@bryan-helm should keep spring related discussion in the original issue https://github.com/spring-cloud/spring-cloud-consul/issues/212
1) I've updated the consul-api HttpClient dependency up to 4.5.2 in #58.
2) I've changed the HttpClient setup and started to use the modern HttpClientBuilder with useSystemProperties().
Have you defined your key and trust store locations with system properties? You can’t have that stuff in consul and use it to call consul too.
From: Rafal Smolinski. Sent: Tuesday, July 11, 2017 6:07 AM. Subject: Re: [Ecwid/consul-api] 2-way SSL from Spring to Consul fails. (Keystore is not being read) (#67)
For me this issue is still present.
I have the same problem: the -Djavax.net.ssl.keyStore property is not being read. If I use SSLPoke.class with the same parameters, I can successfully connect to the Consul server.
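    package hello;

    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @SpringBootApplication
    @RestController
    public class Application {
        @RequestMapping("/")
        public String home() {
            return "Hello World";
        }

        public static void main(String[] args) {
            // Set the JSSE key store and trust store properties before Spring starts.
            System.setProperty("javax.net.ssl.trustStore", "REDACTED");
            System.setProperty("javax.net.ssl.keyStore", "REDACTED");
            System.setProperty("javax.net.ssl.keyStorePassword", "REDACTED");
            System.setProperty("javax.net.ssl.trustStorePassword", "REDACTED");
            SpringApplication.run(Application.class, args);
        }
    }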
2017-08-09 13:29:32.348 INFO 29913 --- [ main] f.a.AutowiredAnnotationBeanPostProcessor : JSR-330 'javax.inject.Inject' annotation found and supported for autowiring
2017-08-09 13:29:32.373 INFO 29913 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'configurationPropertiesRebinderAutoConfiguration' of type [org.springframework.cloud.autoconfigure.ConfigurationPropertiesRebinderAutoConfiguration$$EnhancerBySpringCGLIB$$9497abe0] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
trustStore is: <REDACTED>
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
<REDACTED>
trigger seeding of SecureRandom
done seeding SecureRandom
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _ | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v1.5.2.RELEASE)
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1485435420 bytes = { 92, 68, 118, 90, 129, 203, 17, 41, 191, 111, 133, 174, 241, 236, 116, 177, 213, 9, 144, 212, 151, 158, 222, 197, 126, 82, 77, 233 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
***
[write] MD5 and SHA1 hashes: len = 209
main, WRITE: TLSv1.2 Handshake, length = 209
[Raw write]: length = 214
[Raw read]: length = 5
0000: 16 03 03 00 31 ....1
[Raw read]: length = 49
0000: 02 00 00 2D 03 03 22 91 92 0D 53 9B B1 25 68 85 ...-.."...S..%h.
0010: 33 CB 9A 60 C7 9D 87 DA 6D 40 6C E0 60 3F CE 93 3......m@l.?..
0020: 15 DF C2 25 B5 64 00 C0 14 00 00 05 FF 01 00 01 ...%.d..........
0030: 00 .
main, READ: TLSv1.2 Handshake, length = 49
*** ServerHello, TLSv1.2
RandomCookie: GMT: 563122701 bytes = { 83, 155, 177, 37, 104, 133, 51, 203, 154, 96, 199, 157, 135, 218, 109, 64, 108, 224, 96, 63, 206, 147, 21, 223, 194, 37, 181, 100 }
Session ID: {}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[read] MD5 and SHA1 hashes: len = 49
0000: 02 00 00 2D 03 03 22 91 92 0D 53 9B B1 25 68 85 ...-.."...S..%h.
0010: 33 CB 9A 60 C7 9D 87 DA 6D 40 6C E0 60 3F CE 93 3......m@l.?..
0020: 15 DF C2 25 B5 64 00 C0 14 00 00 05 FF 01 00 01 ...%.d..........
0030: 00 .
[Raw read]: length = 5
0000: 16 03 03 03 59 ....Y
[Raw read]: length = 857
REDACTED
main, READ: TLSv1.2 Handshake, length = 857
*** Certificate chain
chain [0] = [
REDACTED
]
]
***
Found trusted certificate:
[
REDACTED
]
*** CertificateRequest
Cert Types: RSA, ECDSA
Supported Signature Algorithms: SHA256withRSA, SHA256withECDSA, SHA384withRSA, SHA384withECDSA, SHA1withRSA, SHA1withECDSA
Cert Authorities:
[read] MD5 and SHA1 hashes: len = 108
0000: 16 03 03 00 04 .....
[Raw read]: length = 4
0000: 0E 00 00 00 ....
main, READ: TLSv1.2 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ECDHClientKeyExchange
[write] MD5 and SHA1 hashes: len = 77
REDACTED
main, WRITE: TLSv1.2 Handshake, length = 77
[Raw write]: length = 82
REDACTED
SESSION KEYGEN:
PreMaster Secret:
REDACTED
CONNECTION KEYGEN:
Client Nonce:
REDACTED
Server Nonce:
REDACTED
Master Secret:
REDACTED
Client MAC write Secret:
REDACTED
Server MAC write Secret:
REDACTED
Client write key:
REDACTED
Server write key:
REDACTED
*** Finished
verify_data: { 233, 249, 154, 229, 213, 66, 143, 69, 87, 27, 151, 7 }
***
[write] MD5 and SHA1 hashes: len = 16
REDACTED
Padded plaintext before ENCRYPTION: len = 64
main, WRITE: TLSv1.2 Handshake, length = 64
main, waiting for close_notify or alert: state 1
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 2A .*
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, bad_certificate
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
main, called closeSocket()
main, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
2017-08-09 13:29:33.037 ERROR 29913 --- [ main] o.s.c.c.c.ConsulPropertySourceLocator : Fail fast is set and there was an error reading configuration from consul.
2017-08-09 13:29:33.038 WARN 29913 --- [ main] o.s.boot.SpringApplication : Error handling failed (ApplicationEventMulticaster not initialized - call 'refresh' before multicasting events via the context: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@37ff4054: startup date [Thu Jan 01 01:00:00 CET 1970]; parent: org.springframework.context.annotation.AnnotationConfigApplicationContext@770d3326)
2017-08-09 13:29:33.045 ERROR 29913 --- [ main] o.s.boot.SpringApplication : Application startup failed
com.ecwid.consul.transport.TransportException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.ecwid.consul.transport.AbstractHttpTransport.executeRequest(AbstractHttpTransport.java:96) ~[consul-api-1.2.3.jar:na]
at com.ecwid.consul.transport.AbstractHttpTransport.makeGetRequest(AbstractHttpTransport.java:55) ~[consul-api-1.2.3.jar:na]
at com.ecwid.consul.v1.ConsulRawClient.makeGetRequest(ConsulRawClient.java:81) ~[consul-api-1.2.3.jar:na]
at com.ecwid.consul.v1.kv.KeyValueConsulClient.getKVValues(KeyValueConsulClient.java:150) ~[consul-api-1.2.3.jar:na]
at com.ecwid.consul.v1.ConsulClient.getKVValues(ConsulClient.java:492) ~[consul-api-1.2.3.jar:na]
at org.springframework.cloud.consul.config.ConsulPropertySource.init(ConsulPropertySource.java:66) ~[spring-cloud-consul-config-1.2.1.RELEASE.jar:1.2.1.RELEASE]
at org.springframework.cloud.consul.config.ConsulPropertySourceLocator.create(ConsulPropertySourceLocator.java:157) ~[spring-cloud-consul-config-1.2.1.RELEASE.jar:1.2.1.RELEASE]
at org.springframework.cloud.consul.config.ConsulPropertySourceLocator.locate(ConsulPropertySourceLocator.java:131) ~[spring-cloud-consul-config-1.2.1.RELEASE.jar:1.2.1.RELEASE]
at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:93) ~[spring-cloud-context-1.2.3.RELEASE.jar:1.2.3.RELEASE]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:611) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:348) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:312) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
at hello.Application.main(Application.java:52) [main/:na]
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_141]
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[na:1.8.0_141]
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2033) ~[na:1.8.0_141]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135) ~[na:1.8.0_141]
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1779) ~[na:1.8.0_141]
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:124) ~[na:1.8.0_141]
at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1130) ~[na:1.8.0_141]
at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1216) ~[na:1.8.0_141]
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1128) ~[na:1.8.0_141]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348) ~[na:1.8.0_141]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[na:1.8.0_141]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) ~[na:1.8.0_141]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) ~[na:1.8.0_141]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) ~[na:1.8.0_141]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[na:1.8.0_141]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) ~[na:1.8.0_141]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:221) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:165) ~[httpclient-4.5.3.jar:4.5.3]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:140) ~[httpclient-4.5.3.jar:4.5.3]
at com.ecwid.consul.transport.AbstractHttpTransport.executeRequest(AbstractHttpTransport.java:80) ~[consul-api-1.2.3.jar:na]
... 14 common frames omitted
Process finished with exit code 1
We have a very simple application. All it does is read KVs from Consul. During the SSL handshake, the client fails to send the client certificate, resulting in a bad certificate error. What we found was that the ID keystore specified in the command-line JVM param -Djavax.net.ssl.keyStore was not being read. This appears to be a bug in the library. While debugging through the code, we saw that Spring Consul library is using deprecated classes of http client. Is that the reason we are seeing this issue?
Here is the code. We have a single file.
com.test.TestApp.java;
Here is the gradle build file:
Here is the log file contents with SSL debug enabled: