From: Patrick Y. <kc...@cs...> - 2002-12-19 16:58:20
Hi WK,

Sorry that I have tried but cannot repeat your problem. Here is what I can conclude:

1. According to our experience, the "Couldn't find trusted certificate" error is due to recipient's certificate not being imported to the cacerts file of the sender, or the certificate's common name is not matched with the connecting URL.

2. We have never met the "HTTPS hostname wrong" error. But I have searched the internet a little bit, and found the following page describing a quite similar problem:

http://forum.java.sun.com/thread.jsp?forum=2&thread=314145

In the above page, a bug of JDK 1.4.1_01 is mentioned. Although I have downloaded the JDK and tested it to be ok in my case, I suggest you try another version of JDK, say JDK 1.4.0, to see if the problem is still there. This might generate more hints.

We will continue to investigate this. Thanks.

Regards,
-Patrick

On Thu, 19 Dec 2002, Wing Kai Chan wrote:

> Hi Patrick,
>
> I think I have figured out the reasons (but not the solutions) of my
> problems.
>
> 1. At the PC side, the error is 'Couldn't find trusted certificate'.
> 2. At the Linux side, there is the HTTPS hostname problem mentioned in the
> previous mail.
>
> That double points of failure have made me lots of confusion. The reason
> why I can't send it this way is not the same as the reason why I can't send
> it the other way round.
>
> I'll call you tomorrow. Thank you.
>
> Regards,
> WK
>
> ____ Forwarded by Wing Kai CHAN/ITSD/HKSARG on 19.12.2002 07:32 PM _____
>
> From: Wing Kai CHAN on 19.12.2002 07:05 PM
> To: "Patrick Yee" <kc...@ce...>
> cc:
> Subject: MSH over SSL
>
> Hi Patrick,
>
> I found one more hint. I deduce that there is problem when referring MSH by
> IP rather than by hostname.
>
> Okay: Loopback_pc -> SSL Request -> MSH_linux, toMSHUrl = https://hostname:8443/msh
> Error: Loopback_linux -> SSL Request -> MSH_pc, toMSHUrl = https://10.30.67.215:8443/msh
>
> Packaging...
> Info: using property file in /usr/local/msh/client/sample/msh.properties.xml
> hk.hku.cecid.phoenix.message.handler.RequestException: HTTPS hostname wrong: should be <10.30.67.215>
>     at hk.hku.cecid.phoenix.message.handler.Request.sendCommand(Unknown Source)
>     at hk.hku.cecid.phoenix.message.handler.Request.sendMessageServiceHandlerConfig(Unknown Source)
>     at hk.hku.cecid.phoenix.message.handler.Request.register(Unknown Source)
>     at hk.hku.cecid.phoenix.message.handler.Request.<init>(Unknown Source)
>     at hk.hku.cecid.phoenix.message.handler.Request.<init>(Unknown Source)
>     at LoopBack.run(LoopBack.java:29)
>     at LoopBack.main(LoopBack.java:11)
>
> ____ Forwarded by Wing Kai CHAN/ITSD/HKSARG on 19.12.2002 06:47 PM _____
>
> From: Wing Kai CHAN on 19.12.2002 06:16 PM
> To: "Patrick Yee" <kc...@ce...>
> cc:
> Subject: MSH over SSL
>
> Sorry that I missed an important hint. In catalina.out it seems that it's
> complaining the HTTPS hostname. But I am already calling with toMSHUrl =
> https://10.30.67.215:8443/msh. So what's wrong?
>
> Providers com.sun.net.ssl.internal.www.protocol
> java.io.IOException: HTTPS hostname wrong: should be <10.30.67.215>
>     at sun.net.www.protocol.https.HttpsClient.b(DashoA6275)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
>     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:528)
>     at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getOutputStream(DashoA6275)
>     at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:247)
>     at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(HttpSOAPConnection.java:142)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:115)
>     at hk.hku.cecid.phoenix.message.transport.HttpServlet.send(Unknown Source)
>     at hk.hku.cecid.phoenix.message.handler.HttpSender.run(Unknown Source)
> java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed
>     at java.security.AccessController.doPrivileged(Native Method)
>     at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:115)
>     at hk.hku.cecid.phoenix.message.transport.HttpServlet.send(Unknown Source)
>     at hk.hku.cecid.phoenix.message.handler.HttpSender.run(Unknown Source)
> Caused by: javax.xml.soap.SOAPException: Message send failed
>     at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:289)
>     at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(HttpSOAPConnection.java:142)
>     ... 4 more
> Caused by: java.io.IOException: HTTPS hostname wrong: should be <10.30.67.215>
>     at sun.net.www.protocol.https.HttpsClient.b(DashoA6275)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
>     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:528)
>     at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getOutputStream(DashoA6275)
>     at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:247)
>     ... 5 more
>
> ____ Forwarded by Wing Kai CHAN/ITSD/HKSARG on 19.12.2002 06:10 PM _____
>
> From: Wing Kai CHAN on 19.12.2002 05:58 PM
> To: ebx...@li...
> cc:
> Subject: MSH over SSL
>
> I got a problem when I try to set up two MSHs to talk with each other over
> SSL.
>
> The message flow I want to try is: Loopback_linux -> MSH_linux -> SSL ->
> MSH_pc -> Loopback_pc
>
> I deployed MSH v0914 to a PC and a Linux, running on Tomcat 4.0.4 which are
> SSL-enabled. I also patched xalan.jar to the endorsed directory.
>
> I also imported the server cert into the java keystores of the opposite
> machines, eg,
> In Linux, keytool -export -file XXX -alias tomcat
> In PC, keytool -import -file XXX -alias YYY -keystore %JAVA_HOME/jre/lib/security/cacerts
>
> Typing https://pc_ip:8443/msh and https://linux_hostname:8443/msh in
> browser gives normal response.
>
> Running Loopback to send to oneself succeeded too. That is, there was no
> problem for Loopback_linux to send message to itself via
> https://linux_hostname:8443/msh and for Loopback_pc to send message to
> itself via https://pc_ip:8443/msh
>
> The problem happened when I ran Loopback_linux with toMSHUrl =
> https://pc_ip:8443/msh, a PrivilegedActionException was thrown and it
> failed to send the message. Below are extracts from the Linux MSH log. The
> same error happened when I ran Loopback_pc with toMSHUrl =
> https://linux_hostname:8443/msh.
>
> 2002-12-19 17:03:44,000 DEBUG [HttpProcessor[8080][3]]: Received request for sending message
> 2002-12-19 17:03:46,910 DEBUG [HttpProcessor[8080][3]]: Final sequence number in store: -9999
> 2002-12-19 17:03:46,910 DEBUG [HttpProcessor[8080][3]]: Entering MessageServer.store
> 2002-12-19 17:03:46,960 DEBUG [HttpProcessor[8080][3]]: getRepositoryFileName return: R0000\eYQNozgENgIDmOJlQr2WDQ==
> 2002-12-19 17:03:47,020 DEBUG [HttpProcessor[8080][3]]: Insert into messagestore database
> 2002-12-19 17:03:47,020 DEBUG [Thread-3]: Send... try #1
> 2002-12-19 17:03:47,020 DEBUG [Thread-3]: Entering MessageServer.retry
> 2002-12-19 17:03:47,070 DEBUG [Thread-3]: Current: 0 specified: 1
> 2002-12-19 17:03:47,070 DEBUG [Thread-3]: Update state to become 1
> 2002-12-19 17:03:48,280 DEBUG [Thread-3]: hk.hku.cecid.phoenix.message.handler.HttpSender cannot send message successfully for 1 times: hk.hku.cecid.phoenix.message.transport.TransportException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed
>
> Does anybody know what happens? Thanks for any advice.
>
> Regards,
> WK
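
Added example, not part of the original messages and not Phoenix MSH or JDK code: a simplified Java check of whether the host in a toMSHUrl is among the names (common name or subjectAltName entries) the peer's certificate was issued to, which is the mismatch described in point 1 of the reply. The class and method names and the hostname msh-pc.example.internal are hypothetical; the certificate names are a constructed sample of what `keytool -printcert -file XXX` would list.

```java
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

public class MshUrlHostCheck {

    // True if the host is a dotted-quad IPv4 literal such as 10.30.67.215.
    static boolean isIpv4Literal(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }

    // True if one certificate name covers the host. A "*" is honoured only as the
    // whole left-most label of a DNS name and never for an IP literal.
    static boolean nameCovers(String certName, String host) {
        String n = certName.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (n.equals(h)) return true;
        if (isIpv4Literal(h) || !n.startsWith("*.")) return false;
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(n.substring(1));
    }

    // Checks the host part of a toMSHUrl against every name the peer certificate carries.
    static boolean urlMatchesCert(String toMshUrl, List<String> certNames) {
        String host = URI.create(toMshUrl).getHost();
        if (host == null) return false; // URI could not parse a host (e.g. "_" in the name)
        for (String name : certNames) {
            if (nameCovers(name, host)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: the only name in the PC's certificate is its hostname.
        List<String> pcCertNames = Arrays.asList("msh-pc.example.internal");
        String[] urls = {
            "https://10.30.67.215:8443/msh",            // IP form used in the thread
            "https://msh-pc.example.internal:8443/msh", // constructed hostname form
        };
        for (String url : urls) {
            System.out.println(url + " -> "
                + (urlMatchesCert(url, pcCertNames) ? "name matches" : "name mismatch"));
        }
    }
}
```

With a certificate issued only to a hostname, the IP form of the URL reports a mismatch; either call the peer by the name in its certificate or reissue the certificate so it carries the address.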