ashikahmad / restclient-tool

Automatically exported from code.google.com/p/restclient-tool

peer not authenticated #8

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. install a self-signed cert on the server
2. send a request to the https url on the server using restclient

What is the expected output? What do you see instead?
Instead of an OK response I get an error from restclient:
"Error:peer not authenticated"

What version of the product are you using? On what operating system?
1.0.2 on Windows 7

Please provide any additional information below.
This is probably a problem with httpclient. I can see that the 1.0.2 release 
notes say "Do not verify host names in SSL certificate. Allow all host names.", 
but apparently this does not work. Another possible solution is to allow 
importing server certs from a keystore.

Original issue reported on code.google.com by haj...@gmail.com on 9 Aug 2011 at 4:03

GoogleCodeExporter commented 9 years ago
Are you able to hit your https url using a browser? How about hitting some public 
https urls like https://www.google.com/accounts/ServiceLoginAuth using 
restclient?

SSL trust verification and hostname verification are two different things. 
First SSL trust is verified; then, if hostname verification is enabled, the target 
hostname is matched against the names stored inside the server's X.509 
certificate, after the connection has been established. Hostname verification is 
disabled in restclient.

It looks like your self-signed certificate is not correctly 
installed/configured and the connection is not established at the very first step.

-Yadu

Original comment by a1yadu on 9 Aug 2011 at 6:04

GoogleCodeExporter commented 9 years ago
Hitting https://www.google.com/accounts/ServiceLoginAuth using restclient works 
fine.
I had the same problem with wiztools.org restclient, and that was solved by 
adding the cert to a keystore, but I can't do that with restclient-tool.

The cert is on Amazon Elastic Beanstalk so there isn't much I can do about the 
configuration except enable/disable.

Original comment by haj...@gmail.com on 9 Aug 2011 at 6:30

GoogleCodeExporter commented 9 years ago

Able to reproduce in the case of a self-signed SSL certificate. It should work fine 
with all other valid SSLs.

As a side note, it complains if there is no SSL certificate installed on the server 
and the request is made over https, no matter if verification is disabled.

I'll add a fix in the next release. Thanks for raising it.

Original comment by a1yadu on 22 Aug 2011 at 6:45

GoogleCodeExporter commented 9 years ago
When I say "It should work fine with all other valid SSLs." I mean that the 
certificate must be signed by a CA recognized by the JVM.

Original comment by a1yadu on 22 Aug 2011 at 7:51

GoogleCodeExporter commented 9 years ago
Fixed with version 1.0.3. Refer to the documentation @ 
http://code.google.com/a/eclipselabs.org/p/restclient-tool/source/browse/trunk/docs/ssl-handling.txt

Original comment by a1yadu on 12 Sep 2011 at 8:52