HTTPs over a proxy with apache http client

java apache http ssl

14,847

The problem was in the proxy declaration, I had to specify "http" instead of "https":

client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, 
        new HttpHost("proxy.int", 8080, "http"));

14,847

Author by

nablex

Updated on June 14, 2022

Comments

nablex almost 2 years

I have a http client which is based on the apache http client and it seems to have no problem with ssl certificates. I have a unit test for both globally recognized certs and self signed certs with a custom SSLSocketFactory.

However when I ran the same code behind a proxy, it stopped working. I keep getting this dreaded exception:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)

I reduced the code to the bare minimum and it still throws the same exception. The code:

    URI uri = new URI("https://www.google.com");
    DefaultHttpClient client = new DefaultHttpClient();
    client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, 
            new HttpHost("proxy.int", 8080, "https"));

    HttpUriRequest request = new HttpGet(uri);
    HttpResponse response = client.execute(request);

I wasn't sure if it uses the default ssl settings if nothing is specified so I added it explicitly as well:

    URI uri = new URI("https://www.google.com");
    DefaultHttpClient client = new DefaultHttpClient();
    client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, 
            new HttpHost("proxy.int", 8080, "https"));

    client.getConnectionManager().getSchemeRegistry().register(
            new Scheme("https", 443, SSLSocketFactory.getSystemSocketFactory()));

    HttpUriRequest request = new HttpGet(uri);
    HttpResponse response = client.execute(request);

I also tried the getSocketFactory() (not entirely sure what the difference is with getSystemSocketFactory()), still the same error though.

EDIT:

The proxy has optional authentication and I have tried both with and without. The authentication information was set using the following code:

    client.getCredentialsProvider().setCredentials(
        new AuthScope("proxy.int", 8080),
        new UsernamePasswordCredentials("user", "password")
    );

Exactly the same error.

Santosh over 11 years

Does the proxy server need authentication ?
nablex over 11 years

It's optional authentication and I have tried with and without (more details added to question)