diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt index aa3ab6805..38ae88a33 100644 --- a/RELEASE_NOTES.txt +++ b/RELEASE_NOTES.txt @@ -1,6 +1,9 @@ Changes since release 4.3 BETA1 ------------------- +* [HTTPCLIENT-1346] Ensure propagation of SSL handshake exceptions. + Contributed by Pasi Eronen + * [HTTPCLIENT-1343] SSLSocketFactory optional parameters for supported SSL protocols and cipher suites. Contributed by Oleg Kalnichevski diff --git a/httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java b/httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java index 8d7983028..6edf04eb5 100644 --- a/httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java +++ b/httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java @@ -562,7 +562,9 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL } // Setup SSL layering if necessary if (sock instanceof SSLSocket) { - verifyHostname((SSLSocket) sock, host.getHostName()); + final SSLSocket sslsock = (SSLSocket) sock; + sslsock.startHandshake(); + verifyHostname(sslsock, host.getHostName()); } else { sock = createLayeredSocket(sock, host.getHostName(), remoteAddress.getPort(), context); } @@ -574,14 +576,15 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL final String target, final int port, final HttpContext context) throws IOException, UnknownHostException { - final SSLSocket sslSocket = (SSLSocket) this.socketfactory.createSocket( + final SSLSocket sslsock = (SSLSocket) this.socketfactory.createSocket( socket, target, port, true); - internalPrepareSocket(sslSocket); - verifyHostname(sslSocket, target); - return sslSocket; + internalPrepareSocket(sslsock); + sslsock.startHandshake(); + verifyHostname(sslsock, target); + return sslsock; } private void verifyHostname(final SSLSocket sslsock, final String hostname) throws IOException { 
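Review bot: The `sslsock.startHandshake()` call added in the `if (sock instanceof SSLSocket)` branch blocks until the peer completes the TLS handshake, and nothing in this hunk shows a read timeout being applied to the socket before it. The earlier part of the method is outside the hunk, so this needs checking: if SO_TIMEOUT is still 0 here, a peer that accepts the TCP connection and then stalls mid-handshake holds the calling thread indefinitely. Set a bounded timeout before the call, for example `if (sock.getSoTimeout() == 0) { sock.setSoTimeout(handshakeTimeoutMillis); }`, where `handshakeTimeoutMillis` is a placeholder for whatever timeout value the method has in scope. The same applies to the `startHandshake()` added to `createLayeredSocket` in the next hunk.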
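Review bot: The reason for calling `sslsock.startHandshake()` explicitly before `verifyHostname(sslsock, target)` is not recorded in the code, so a later cleanup could remove it as redundant. A one-line comment above the call would protect it, e.g. `// Handshake explicitly so that failures propagate as SSLHandshakeException before the hostname is verified`. The accompanying test change, where the expected exception moves from SSLPeerUnverifiedException to SSLHandshakeException, suggests this is the intent. The same comment fits the call added to the `instanceof SSLSocket` branch in the previous hunk. The signature of `createLayeredSocket` begins above this hunk.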
diff --git a/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java b/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java index f7ba55c70..4bb759738 100644 --- a/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java +++ b/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java @@ -39,6 +39,7 @@ import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLException; +import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; @@ -156,7 +157,7 @@ public class TestSSLSocketFactory extends LocalServerTestBase { Assert.assertTrue(hostVerifier.isFired()); } - @Test(expected=SSLPeerUnverifiedException.class) + @Test(expected=SSLHandshakeException.class) public void testSSLTrustVerification() throws Exception { final HttpHost host = new HttpHost("localhost", 443, "https"); final HttpContext context = new BasicHttpContext();
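Review bot: The `@Test(expected=SSLHandshakeException.class)` attribute on `testSSLTrustVerification` accepts that exception from any statement in the method, so the test would also pass if it were thrown during setup rather than by the connect against the untrusted server. Narrowing the expectation to the call under test makes the trust-failure check precise: wrap only that call as `try { /* connect call */ Assert.fail("SSLHandshakeException expected"); } catch (final SSLHandshakeException expected) { }`. The method body continues past the end of this hunk, so which call that is cannot be seen here. A short comment noting that trust failures now surface from the explicit handshake rather than from hostname verification would also explain the changed exception type.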