https://github.com/gebi/sslpoke

Tool to test SSL connections from within the java VM (with http proxy support)
https://github.com/gebi/sslpoke

certificates java keystores ops ops-infra ssl tls

Last synced: about 2 months ago
JSON representation

Tool to test SSL connections from within the java VM (with http proxy support)

• Host: GitHub
• URL: https://github.com/gebi/sslpoke
• Owner: gebi
• License: apache-2.0
• Created: 2020-01-09T20:34:53.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2023-10-18T17:42:09.000Z (11 months ago)
• Last Synced: 2024-06-08T00:35:03.665Z (4 months ago)
• Topics: certificates, java, keystores, ops, ops-infra, ssl, tls
• Language: Java
• Homepage:
• Size: 11.7 KB
• Stars: 26
• Watchers: 2
• Forks: 17
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# sslpoke

Tool to test SSL connections from within the java VM, including HTTP proxy support, on java application servers.

I got the initial version of this tool from: https://confluence.atlassian.com/download/attachments/117455/SSLPoke.java

Fixed it up, added features and use it mostly to test/debug/validate certificate issues in java based deployments.

If you need any features feel free to add them and send pull requests.

## Build

```

% make

javac SSLPoke.java

```

## Usage

Normal usage with successfull response would be:

```

% java SSLPoke google.com 443

Successfully connected

```

Usage with connection via http proxy would be (http/1.1 CONNECT is used to tunnel the data):

```

% java -Dhttps.proxyHost=your.proxy.host -Dhttps.proxyPort=8080 SSLPoke google.com 443

Using proxy: your.proxy.host:8080

Successfully connected

```

Usage with special trustStore file set:

```

% java -Djavax.net.ssl.trustStore=your_special_keystore SSLPoke google.com 443

Successfully connected

```

## Errors seen from sslpoke

Usual failure in corporate environments where you forgot to use the proxy

(in which case just abort the tool with ctrl+c if you don't want to wait)

*(sslpoke exists with error = 1)*

```

% java SSLPoke google.com 443

java.net.ConnectException: Connection timed out (Connection timed out)

        at java.net.PlainSocketImpl.socketConnect(Native Method)

        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)

        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)

        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)

        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)

        at java.net.Socket.connect(Socket.java:607)

        at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:666)

        at sun.security.ssl.SSLSocketImpl.(SSLSocketImpl.java:426)

        at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:88)

        at SSLPoke.main(SSLPoke.java:41)

```

Certificate error *(sslpoke exists with error = 1)*

```

% java SSLPoke bad.cert.host 443

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)

        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)

        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)

        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)

        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)

        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)

        at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)

        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)

        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)

        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)

        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)

        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)

        at SSLPoke.main(SSLPoke.java:53)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)

        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)

        at sun.security.validator.Validator.validate(Validator.java:262)

        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)

        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)

        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)

        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)

        ... 9 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)

        ... 15 more

```