Hi, I'm trying to get some sort of access to the OpenAS2 console like you have when you start it by default (and not in a service mode, as I've recently switched to in Linux).
I'm having trouble connecting with openssl s_client, which I understand is one simple way you can do this, at least to send individual commands (or can you use this also as an interactive send/receive method, so it's basically the same as seeing OpenAS2 running in interactive mode)?
Anyway, when I try this connection, on the same server as OpenAS2 is running, I get:
> openssl s_client -connect localhost:14321
CONNECTED(00000003)
140022263502488:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1563993059
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
I played around with the ciphers a bit in the startup script, but I'm not sure that I'm running into that issue here.
Seems like something else is going on. How would I provide the login & password (configured in config.xml) via this openssl s_client approach anyway?
Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'd seen this before but didn't know how to install or launch it, so figured the openssl approach might be simpler for my few uses for this (I will mostly just use it to adjust logging level on the fly and maybe administer the keystore, which works pretty simply from the OpenAS2 command line).
I've downloaded the 2.9.0 jar from the above link, and ran it with this command, as I'd found elsewhere in the forums:
java -jar openas2-remote-2.9.0.jar localhost 14321 user password
(I only could easily do this from the server because I was getting cipher errors when running from my Windows 10 machine -- it's not really important, I can easily just run it from the Linux server running OpenAS2 server).
So I can see that it's basically working, but the one thing that's cumbersome is that the output is not like in the regular command line I'm use to (when not running OpenAS2 as a service), the results are summarized in XML with no CRLF.
Is there any option to override that and have it be more interactive friendly?
Also, did I miss some documentation on how to use this remote interface? There doesn't seem to be much in the OpenAS2 PDF (other than how to configure the interface to listen) and I didn't see any
Also what's the recommended way to exit such a session? Ctrl+C? Of course using 'exit' is not good as that seems to shutdown the server itself.
Thanks for your support.
Last edit: jll 2019-07-25
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The responses will be returned using XML format by default. To get simple text responses set the “response_format” attribute in the config.xml to “txt”. (this attribute is new to the SNAPSHOT release provided above).
The "exit" command will now only terminate the local remote control session. To terminate the server use "shutdown" and you will be prompted to confirm. CTRL-C also works for terminatiing the lopcal remote control session.
Last edit: Christopher Broderick 2019-07-26
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi, I'm trying to get some sort of access to the OpenAS2 console like you have when you start it by default (and not in a service mode, as I've recently switched to in Linux).
I'm having trouble connecting with openssl s_client, which I understand is one simple way you can do this, at least to send individual commands (or can you use this also as an interactive send/receive method, so it's basically the same as seeing OpenAS2 running in interactive mode)?
Anyway, when I try this connection, on the same server as OpenAS2 is running, I get:
> openssl s_client -connect localhost:14321 CONNECTED(00000003) 140022263502488:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 305 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1563993059 Timeout : 300 (sec) Verify return code: 0 (ok) ---I played around with the ciphers a bit in the startup script, but I'm not sure that I'm running into that issue here.
Seems like something else is going on. How would I provide the login & password (configured in config.xml) via this openssl s_client approach anyway?
Thanks.
Use the remote tool intended for this: https://mvnrepository.com/artifact/net.sf.openas2/openas2-remote
I'd seen this before but didn't know how to install or launch it, so figured the openssl approach might be simpler for my few uses for this (I will mostly just use it to adjust logging level on the fly and maybe administer the keystore, which works pretty simply from the OpenAS2 command line).
I've downloaded the 2.9.0 jar from the above link, and ran it with this command, as I'd found elsewhere in the forums:
(I only could easily do this from the server because I was getting cipher errors when running from my Windows 10 machine -- it's not really important, I can easily just run it from the Linux server running OpenAS2 server).
So I can see that it's basically working, but the one thing that's cumbersome is that the output is not like in the regular command line I'm use to (when not running OpenAS2 as a service), the results are summarized in XML with no CRLF.
Is there any option to override that and have it be more interactive friendly?
Also, did I miss some documentation on how to use this remote interface? There doesn't seem to be much in the OpenAS2 PDF (other than how to configure the interface to listen) and I didn't see any
Also what's the recommended way to exit such a session? Ctrl+C? Of course using 'exit' is not good as that seems to shutdown the server itself.
Thanks for your support.
Last edit: jll 2019-07-25
For enhanced documentation on the remote control funtionality "16. Remote Control" and ability to set the response format download this package: https://sourceforge.net/projects/openas2/files/OpenAS2Server-2.9.1-SNAPSHOT.zip/download
You will need the remote jar for this version: https://sourceforge.net/projects/openas2/files/OpenAS2Remote-2.9.1-SNAPSHOT.zip/download
The responses will be returned using XML format by default. To get simple text responses set the “response_format” attribute in the config.xml to “txt”. (this attribute is new to the SNAPSHOT release provided above).
The "exit" command will now only terminate the local remote control session. To terminate the server use "shutdown" and you will be prompted to confirm. CTRL-C also works for terminatiing the lopcal remote control session.
Last edit: Christopher Broderick 2019-07-26
Christopher, sounds great. Thanks for the updates, but I gotta say:
that last command sounds a little crude... :o)
Whoops....