Issue 12104
gbif-httputils: SSL handshake problem downloading from https
12104
Reporter: kbraak
Type: Bug
Summary: gbif-httputils: SSL handshake problem downloading from https
Priority: Critical
Status: Reopened
Created: 2012-10-25 12:46:53.888
Updated: 2013-12-06 13:42:20.773
Description: The problem is in newMultithreadedClientHttps, used for https downloads.
Basically, when downloading https://ia701504.us.archive.org/3/items/DistributionRecordsOfVascularPlantsInKyrgyzstan/50879bfa294aa.zip the following exception is thrown:
[10/24/12 3:33:20 PM] Kyle: com.sun.net.ssl.internal.ssl.SSLSessionImpl. getPeerCertificates ( SSLSessionImpl.java: 352 )
org.apache.http.conn.ssl.AbstractVerifier. verify ( AbstractVerifier.java: 128 )
org.apache.http.conn.ssl.SSLSocketFactory. connectSocket ( SSLSocketFactory.java: 390 )
org.apache.http.impl.conn.DefaultClientConnectionOperator. openConnection ( DefaultClientConnectionOperator.java: 148 )
org.apache.http.impl.conn.AbstractPoolEntry. open ( AbstractPoolEntry.java: 149 )
org.apache.http.impl.conn.AbstractPooledConnAdapter. open ( AbstractPooledConnAdapter.java: 121 )
org.apache.http.impl.client.DefaultRequestDirector. tryConnect ( DefaultRequestDirector.java: 561 )
org.apache.http.impl.client.DefaultRequestDirector. execute ( DefaultRequestDirector.java: 415 )
org.apache.http.impl.client.AbstractHttpClient. execute ( AbstractHttpClient.java: 820 )
org.apache.http.impl.client.AbstractHttpClient. execute ( AbstractHttpClient.java: 754 )
org.apache.http.impl.client.AbstractHttpClient. execute ( AbstractHttpClient.java: 732 )
org.gbif.utils.HttpUtil. download ( HttpUtil.java: 330 )
org.gbif.harvest.dwcarchive.DwcArchiveMetadataHandler. download ( DwcArchiveMetadataHandler.java: 315 )
[10/24/12 3:33:43 PM] Kyle: Jose is trying the fix suggested here: http://javaskeleton.blogspot.dk/2010/07/avoiding-peer-not-authenticated-with.html]]>
Author: mdoering@gbif.org
Comment: seems good to follow that blog in our http utils class when creating a new client
Created: 2012-10-25 12:55:44.832
Updated: 2012-10-25 12:55:44.832
Author: kbraak@gbif.org
Created: 2013-04-25 15:12:02.153
Updated: 2013-04-25 15:12:02.153
This issue arose connecting to a BioCASE access point: https://biocase.kbs-leipzig.de/pywrapper.cgi?dsa=InSax
14:50:46 Connection error
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352) ~[na:1.6]
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) ~[httpclient-4.2.jar:4.2]
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) ~[httpclient-4.2.jar:4.2]
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) ~[httpclient-4.2.jar:4.2]
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151) ~[httpclient-4.2.jar:4.2]
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125) ~[httpclient-4.2.jar:4.2]
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:641) ~[httpclient-4.2.jar:4.2]
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480) ~[httpclient-4.2.jar:4.2]
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) ~[httpclient-4.2.jar:4.2]
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) ~[httpclient-4.2.jar:4.2]
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784) ~[httpclient-4.2.jar:4.2]
at org.gbif.registry.sync.util.RequestUtils.executeHttpMethod(RequestUtils.java:142) [registry-metadata-sync-0.3-SNAPSHOT.jar:0.3-SNAPSHOT]
at org.gbif.registry.sync.util.RequestUtils.executeGetRequestAndReturnBytesReponse(RequestUtils.java:114) [registry-metadata-sync-0.3-SNAPSHOT.jar:0.3-SNAPSHOT]
at org.gbif.registry.service.sync.MetadataRequestHandler.issueRequest(MetadataRequestHandler.java:159) [registry-metadata-sync-0.3-SNAPSHOT.jar:0.3-SNAPSHOT]
at org.gbif.registry.service.sync.biocase.BiocaseMetadataRequestHandler.fetchCapabilities(BiocaseMetadataRequestHandler.java:51) [registry-metadata-sync-0.3-SNAPSHOT.jar:0.3-SNAPSHOT]
at org.gbif.registry.service.sync.biocase.BiocaseMetadataSynchronizer.synchronize(BiocaseMetadataSynchronizer.java:153) [registry-metadata-sync-0.3-SNAPSHOT.jar:0.3-SNAPSHOT]
at org.gbif.registry.service.sync.messaging.RegistrySyncListener.synchronize(RegistrySyncListener.java:155) [registry-metadata-sync-0.3-SNAPSHOT.jar:0.3-SNAPSHOT]
at org.gbif.registry.service.sync.messaging.RegistrySyncListener.onMessage(RegistrySyncListener.java:100) [registry-metadata-sync-0.3-SNAPSHOT.jar:0.3-SNAPSHOT]
at org.gbif.registry.service.sync.messaging.RegistrySyncListener.onMessage(RegistrySyncListener.java:40) [registry-metadata-sync-0.3-SNAPSHOT.jar:0.3-SNAPSHOT]
at org.gbif.messaging.amqp.AMQPListener.getMessage(AMQPListener.java:71) [gbif-messaging-0.2-20121127.133405-67.jar:0.2-SNAPSHOT]
at org.gbif.messaging.amqp.AMQPThreadListener.startListening(AMQPThreadListener.java:66) [gbif-messaging-0.2-20121127.133405-67.jar:0.2-SNAPSHOT]
at org.gbif.messaging.amqp.AMQPThreadListener.run(AMQPThreadListener.java:50) [gbif-messaging-0.2-20121127.133405-67.jar:0.2-SNAPSHOT]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [na:1.6.0_37]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [na:1.6.0_37]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_37]
Out of curiosity, [~lfrancke@gbif.org] does the Crawler use the common gbif-httputils and thus have this problem too?