tracker issue | What iT iS dESign studios

Title:

CFHTTP crashes when CLIENTCERT is specified

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Samuel Knowlton / Samuel Knowlton (Samuel Knowlton)

Created: 03/04/2012

Components: Net Protocols, HTTP

Versions: 10.0

Failure Type: Crash

Found In Build/Fixed In Build: Public Beta / 281741

Priority/Frequency: Critical / All users will encounter

Locale/System: English / Win 2008 Server R2 64 bit

Vote Count: 0

Problem Description: When using the CFHTTP tag with a client certificate, the page crashes before the http request is sent. The same code works correctly in CF8 and there is no problem with the client certificate file.

Steps to Reproduce:

1) Get hold of any .p12 client cert. It does not matter if the server you are trying to submit it to will actually recognize it, though you do have to have the correct decryption password.

2)  Try the following code:

<cfhttp url="www.google.com" method="POST" username="any" password="any" clientcert="c:\path\to\cert" clientcertpassword="passwordToDecryptClientCert">
<cfhttpparam name="foo" type="formfield" value="bar">
</cfhttp>

Actual Result: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl cannot be cast to org.apache.http.conn.scheme.SchemeSocketFactory null

Expected Result: HTTP request made to client server.

Any Workarounds: None found so far.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3129766

External Customer Info:
External Company:  
External Customer Name: Aquitaine
External Customer Email:  
External Test Config: My Hardware and Environment details:Windows 2008 Server 64-bit, 8 gigs of RAM, JVM 1.6.0



erver Details

Server Product 	ColdFusion

Version 	ColdFusion 10,281485

Edition 	Enterprise (Trial)  

Operating System 	Windows Server 2008 R2  

OS Version 	6.1  

Update Level 	/C:/ColdFusion10/cfusion/lib/updates/chf10000002.jar  

Adobe Driver Version 	4.1 (Build 0001)  





JVM Details

Java Version 	1.6.0_29  

Java Vendor 	Sun Microsystems Inc.  

Java Vendor URL 	http://java.sun.com/  

Java Home 	C:\ColdFusion10\jre  

Java File Encoding 	Cp1252  

Java Default Locale 	en_US  

File Separator 	\  

Path Separator 	;  

Line Separator 	Chr(13)  

User Name 	INLEAGUE-WEB$  

User Home 	C:\  

User Dir 	C:\ColdFusion10\cfusion\bin  

Java VM Specification Version 	1.0  

Java VM Specification Vendor 	Sun Microsystems Inc.  

Java VM Specification Name 	Java Virtual Machine Specification  

Java VM Version 	20.4-b02  

Java VM Vendor 	Sun Microsystems Inc.  

Java VM Name 	Java HotSpot(TM) 64-Bit Server VM  

Java Specification Version 	1.6  

Java Specification Vendor 	Sun Microsystems Inc.  

Java Specification Name 	Java Platform API Specification  

Java Class Version 	50.0

Attachments:

Comments:

Stack Trace:

StackTrace 	java.lang.ClassCastException: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl cannot be cast to org.apache.http.conn.scheme.SchemeSocketFactory at coldfusion.tagext.net.HttpTag.createConnection(HttpTag.java:1789) at coldfusion.tagext.net.HttpTag.connHelper(HttpTag.java:907) at coldfusion.tagext.net.HttpTag.doEndTag(HttpTag.java:1198) at cftest2ecfm298553823.runPage(C:\inetpub\wwwroot\inleague-dev\inleague\test.cfm:35) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:235) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:429) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.IpFilter.invoke(IpFilter.java:62) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:410) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:112) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:75) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:204) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:928) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:414) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:203) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:539) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:298) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662)

Comment by External U.

20427 | March 04, 2012 10:41:20 AM GMT

With the fix, I could make a successful http request using client certificate.

Comment by Akhila K.

20428 | March 06, 2012 02:56:30 AM GMT

tracker issue : CF-3129766

CFHTTP crashes when CLIENTCERT is specified