play.ws.ssl.loose.acceptAnyCertificate config does not work #1099

Closed
museOnSite opened this issue Feb 25, 2016 · 4 comments

@museOnSite

I'm using Play 2.5.0-RC1. I put play.ws.ssl.loose.acceptAnyCertificate=true but I got the error below while my http client is injected like this:

    class Application @Inject() (ws: WSClient) extends Controller

play.api.http.HttpErrorHandlerExceptions$$anon$1: Execution exception[[ConnectException: General SSLEngine problem]]
        at play.api.http.HttpErrorHandlerExceptions$.throwableToUsefulException(HttpErrorHandler.scala:265) ~[play_2.11-2.4.6.jar:2.4.6]
        at play.api.http.DefaultHttpErrorHandler.onServerError(HttpErrorHandler.scala:191) ~[play_2.11-2.4.6.jar:2.4.6]
        at play.api.GlobalSettings$class.onError(GlobalSettings.scala:179) [play_2.11-2.4.6.jar:2.4.6]
        at play.api.mvc.WithFilters.onError(Filters.scala:93) [play_2.11-2.4.6.jar:2.4.6]
        at play.api.http.GlobalSettingsHttpErrorHandler.onServerError(HttpErrorHandler.scala:94) [play_2.11-2.4.6.jar:2.4.6]
        at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$9$$anonfun$apply$1.applyOrElse(PlayDefaultUpstreamHandler.scala:151) [play-netty-server_2.11-2.4.6.jar:2.4.6]
        at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$9$$anonfun$apply$1.applyOrElse(PlayDefaultUpstreamHandler.scala:148) [play-netty-server_2.11-2.4.6.jar:2.4.6]
        at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:36) [scala-library-2.11.6.jar:na]
        at scala.util.Failure$$anonfun$recover$1.apply(Try.scala:215) [scala-library-2.11.6.jar:na]
        at scala.util.Try$.apply(Try.scala:191) [scala-library-2.11.6.jar:na]
Caused by: java.net.ConnectException: General SSLEngine problem
        at com.ning.http.client.providers.netty.request.NettyConnectListener.onFutureFailure(NettyConnectListener.java:128) ~[async-http-client-1.9.21.jar:na]
        at com.ning.http.client.providers.netty.request.NettyConnectListener.access$200(NettyConnectListener.java:37) ~[async-http-client-1.9.21.jar:na]
        at com.ning.http.client.providers.netty.request.NettyConnectListener$1.operationComplete(NettyConnectListener.java:101) ~[async-http-client-1.9.21.jar:na]
        at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:409) ~[netty-3.10.4.Final.jar:na]
        at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:395) ~[netty-3.10.4.Final.jar:na]
        at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:362) ~[netty-3.10.4.Final.jar:na]
        at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1460) ~[netty-3.10.4.Final.jar:na]
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1314) ~[netty-3.10.4.Final.jar:na]
        at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852) ~[netty-3.10.4.Final.jar:na]
        at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) ~[netty-3.10.4.Final.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431) ~[na:1.8.0_71]
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[na:1.8.0_71]
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) ~[na:1.8.0_71]
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[na:1.8.0_71]
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.8.0_71]
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1218) ~[netty-3.10.4.Final.jar:na]
        at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852) ~[netty-3.10.4.Final.jar:na]
        at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) ~[netty-3.10.4.Final.jar:na]
        at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:310) ~[netty-3.10.4.Final.jar:na]
        at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) ~[netty-3.10.4.Final.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_71]
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[na:1.8.0_71]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[na:1.8.0_71]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[na:1.8.0_71]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) ~[na:1.8.0_71]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[na:1.8.0_71]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_71]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) ~[na:1.8.0_71]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) ~[na:1.8.0_71]
        at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_71]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[na:1.8.0_71]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.8.0_71]
        at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_71]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_71]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[na:1.8.0_71]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_71]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[na:1.8.0_71]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[na:1.8.0_71]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_71]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) ~[na:1.8.0_71]
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146) ~[na:1.8.0_71]
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) ~[na:1.8.0_71]
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_71]
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[na:1.8.0_71]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.8.0_71]
        at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_71]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_71]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[na:1.8.0_71]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_71]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[na:1.8.0_71]

@slandelle
Contributor

From playframework/playframework#4796 (comment), did you properly read me?

I said:

"pure AsyncHttpClient based"

i.e., without the Play layer

"reproducer"

i.e., a sample so I can reproduce.

@museOnSite
Author

@slandelle You were right, the problem comes from Play framework. I made the option work with pure AsyncHttpClient.

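    import org.asynchttpclient.{DefaultAsyncHttpClient, DefaultAsyncHttpClientConfig}

    // acceptAnyCertificate disables certificate validation for every request from this client
    val config = new DefaultAsyncHttpClientConfig.Builder().setAcceptAnyCertificate(true).build
    val httpClient = new DefaultAsyncHttpClient(config)
    val resp = httpClient.prepareGet("https://targetUrl").execute()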

@slandelle
Contributor

That's good news, at least for me. Thanks for your feedback.

Beware of what I explained in the Play issue: this option is probably something you don't want to use in production.

@museOnSite
Author

Sure! In my case, this is an HTTP request made in a DMZ. So no risk ;)
Thanks
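
The `PKIX path building failed` cause at the bottom of the trace means the JVM could not chain the server's certificate to any trusted root. As an added example (not part of the thread and not code from Play or AsyncHttpClient), this Play WS configuration trusts that certificate explicitly and leaves validation switched on; the file name `conf/internal-server.pem` is a hypothetical placeholder for the exported server or issuing-CA certificate.

```hocon
# application.conf

# Setting from the issue title: turns certificate validation off for every
# request made through the injected WSClient. Shown commented out.
# play.ws.ssl.loose.acceptAnyCertificate = true

# Alternative: keep validation on and add the certificate that the default
# trust store does not know about.
play.ws.ssl {
  trustManager = {
    stores = [
      # Hypothetical path: PEM export of the target server's certificate
      # or of the internal CA that issued it.
      { type = "PEM", path = "conf/internal-server.pem" }
    ]
  }
}
```

With this in place the handshake still fails if the server presents any other certificate, which is the check `acceptAnyCertificate` removes.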
