Re: [Simpleweb-Support] SSL problem
From: Martin N. <mar...@gm...> - 2005-10-20 14:11:55
Apparently it's Java 5 SSL implementation that is at fault (??). I switched to using stunnel and running simpleweb on a normal serversocket. It is very annoying though, so I probably need to find a Java wrapper for OpenSSL server sockets, but I can't seem to find that (as all were discontinued when Java released JSSE).

Have you tried to run simpleweb on Java 5 SSL socket? Or just Java 1.4? I might change to Java 1.4 but then I have to rewrite much of the source code.

Thanks for the help.

/Martin

On 10/20/05, Niall Gallagher <gal...@ya...> wrote:
> Hi Martin,
>
> If you are sure that the client is closing the connection, which
> causes the broken pipe at the server side, then it's an SSL/TLS
> problem. The SSL handshake is getting mangled or something is
> corrupt within the SSL stream.
>
> HTTP cannot be the problem. HTTPS means HTTP tunneled through
> SSL/TLS. The secure socket layer knows nothing about HTTP so it
> really does not matter what configuration you are using in your
> HTTP messages.
>
> If you do think it is something with Simple, which I think is quite
> unlikely, then I suggest you use something like the following to
> debug the response. Here 443 is the traditional HTTPS port; if you
> are listening on some other port then change accordingly.
>
> openssl s_client -connect my.hostname:443 -state -debug
>
> Niall
>
> --- Martin Norrsken <mar...@gm...> wrote:
>
> > On 10/19/05, Niall Gallagher <gal...@ya...> wrote:
> > > Hi Martin,
> > >
> > > I have used SSL quite frequently in Java 4, and never
> > > encountered this problem. Although I can say that the broken
> > > pipe you see on the server side indicates that it is the client
> > > that is closing the socket.
> >
> > The client is probably closing the connection because it gets an
> > SSL "unexpected_message" from the server. Also I only get this
> > error intermittently, but NOT when I'm using javax.net.debug=all
> > (probably as this slows down the process considerably).
> >
> > >
> > > If the client is closing the connection then there is
> > > misconfiguration of the SSL socket. SSL is independent from
> > > HTTP, so I can't really say what's happening.
> >
> > This is what I'm at too. Here's parts of my socket and simpleweb
> > initialization code:
> > --------------------
> > public static void init() {
> >     try {
> >         Configuration conf = Configuration.getInstance();
> >
> >         System.setProperty("javax.net.ssl.trustStore",conf.getKeystore());
> >         System.setProperty("javax.net.ssl.trustStorePassword",conf.getKeystorePassword());
> >
> >         engine = new LoaderEngine();
> >
> >         engine.load("logout","norrsken.jcas.web.LogoutService");
> >         engine.load("login","norrsken.jcas.web.LoginService");
> >         engine.load("success","norrsken.jcas.web.SuccessService");
> >         engine.load("validate","norrsken.jcas.web.ValidateService");
> >         engine.load("admin","norrsken.jcas.web.AdminService");
> >
> >         engine.link("/admin","admin");
> >         engine.link("/login","login");
> >         engine.link("/loginForm","login");
> >         engine.link("/logout","logout");
> >         engine.link("/success","success");
> >         engine.link("/validate","validate");
> >
> >         WebPageService.register(engine);
> >
> >         try {
> >             System.setErr(new PrintStream(new DoubleOutputStream(System.err,new FileOutputStream(conf.getTraceFile()))));
> >         } catch(Exception e) {
> >             e.printStackTrace();
> >             System.exit(1);
> >         }
> >
> >         ProtocolHandler handler = ProtocolHandlerFactory.getInstance(engine);
> >         Connection connection = ConnectionFactory.getConnection(handler);
> >
> >         s = createSocket(conf.getKeystore(),conf.getKeystorePassword(),conf.getPort());
> >
> >         connection.connect(s);
> >
> >     } catch (Exception e) {
> >         e.printStackTrace();
> >     }
> >
> > }
> >
> > public static SSLServerSocket createSocket(String ksName, String ksPass, int port) throws Exception {
> >     char tksPass[] = ksPass.toCharArray();
> >     char tctPass[] = ksPass.toCharArray();
> >
> >     KeyStore ks = KeyStore.getInstance("JKS");
> >     ks.load(new FileInputStream(ksName), tksPass);
> >
> >     KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
> >     kmf.init(ks, tctPass);
> >
> >     SSLContext sc = SSLContext.getInstance("TLS");
> >     sc.init(kmf.getKeyManagers(), null, null);
> >     SSLServerSocketFactory ssf = sc.getServerSocketFactory();
> >
> >     SSLServerSocket ssls = (SSLServerSocket) ssf.createServerSocket(port);
> >     //ssls.setEnabledProtocols(new String[]{"SSLv3","TLSv1"});
> >     return ssls;
> > }
> >
> > ------------------
> > Also, I use this code to wrap my handlers:
> > ------------------
> >
> > public abstract class ExtendedService extends BasicService {
> >     public ExtendedService(Context ctx) {
> >         super(ctx);
> >     }
> >
> >     public void handle(final Request req, final Response resp) {
> >         try {
> >             if(!resp.isCommitted()) resp.reset(); // Tried adding this
> >             resp.setDate("Date",System.currentTimeMillis());
> >             resp.set("Server","MyServer/1.x");
> >             //resp.set("Connection","close"); // Tried this too if it was a HTTP/1.1 prob
> >             process(req, resp);
> >             //resp.getOutputStream().flush(); // Tried all combinations of flush close and commit
> >             resp.getOutputStream().close();
> >             resp.commit();
> >         }
> >         catch(InternetAddressFilter.AccessDeniedException ade) {
> >             Log.log("EXCEPTION: "+ade.toString());
> >             ade.printStackTrace();
> >             ade.printStackTrace(Log.out);
> >             handle(req,resp,404);
> >         } catch (Exception e) {
> >             Log.log("EXCEPTION: "+e.toString());
> >             e.printStackTrace();
> >             e.printStackTrace(Log.out);
> >             handle(req, resp, 500);
> >         }
> >     }
> > }
> >
> > >
> > > However, I can imagine that if you are using a self signed
> > > certificate and are prompted to accept from your browser this
> > > can take about 5 to 10 seconds, and in the meantime there could
> > > be a premature close of the socket before the SSL handshake
> > > protocol has finished.
> >
> > No this is not the case as I've added the cert to my root certs.
> > And it mostly happens when loading the images in the document I'm
> > first loading; i.e. when the requests come close to each other or
> > perhaps in the same HTTP/1.1 connection (but I've tried
> > Connection: close too).
> >
> > >
> > > If there is a premature closure (which is probably not the case
> > > as you see "broken pipe" messages) I would recommend that you
> > > increase the timeout that Simple is using. To do this make sure
> > > the simple.http.poller=simple.http.GranularPoller. You can set
> > > this with a -D parameter like so:
> > >
> > > java -Dsimple.http.poller=simple.http.GranularPoller
> > >
> > > I hope this solves your problem, or at least helps?
> >
> > Nope.
> >
> > >
> > > Niall
> > >
> > > --- Martin Norrsken <mar...@gm...> wrote:
> > >
> > > > While using simpleweb with SSL on a Java5 platform I
> > > > consistently get
> > >
> === message truncated ===
>
> Niall Gallagher
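
An added example, not part of the original thread and not code from Simple: one way to test the point made above that the SSL layer is independent of HTTP is to put a bare JSSE listener on the same keystore, with no HTTP framework involved, and log whether each connection fails during or after the handshake. The class name TlsHandshakeProbe, the three command-line arguments (keystore path, keystore password, port) and the use of a current JDK are assumptions of this example.

```java
import java.io.*;
import java.security.KeyStore;
import javax.net.ssl.*;
// Added diagnostic example (not from the thread): a TLS listener with no HTTP framework.
// Assumed arguments: <keystore.jks> <keystore-password> <port>
public class TlsHandshakeProbe {
    public static void main(String[] args) throws Exception {
        char[] pass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), null, null);
        SSLServerSocket server = (SSLServerSocket)
            sc.getServerSocketFactory().createServerSocket(Integer.parseInt(args[2]));
        while (true) {
            final SSLSocket client = (SSLSocket) server.accept();
            new Thread(() -> serve(client)).start(); // one thread per connection
        }
    }
    static void serve(SSLSocket client) {
        String peer = String.valueOf(client.getRemoteSocketAddress());
        boolean handshakeDone = false;
        try (SSLSocket c = client) { // socket is closed when this block exits
            c.setSoTimeout(15000);
            c.startHandshake(); // run the handshake explicitly so its failure is isolated
            handshakeDone = true;
            SSLSession s = c.getSession();
            System.out.println(peer + " handshake ok " + s.getProtocol() + " " + s.getCipherSuite());
            BufferedReader in = new BufferedReader(
                new InputStreamReader(c.getInputStream(), "US-ASCII"));
            for (String line = in.readLine(); line != null && !line.isEmpty(); line = in.readLine()) {
                // discard the request line and headers; only the TLS layer is under test
            }
            byte[] body = "probe ok\n".getBytes("US-ASCII");
            OutputStream out = c.getOutputStream();
            out.write(("HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\nContent-Length: "
                + body.length + "\r\nConnection: close\r\n\r\n").getBytes("US-ASCII"));
            out.write(body);
            out.flush();
        } catch (IOException e) { // SSLException is a subclass of IOException
            System.out.println(peer + (handshakeDone ? " failed after handshake: "
                : " failed during handshake: ") + e);
        }
    }
}
```

If the same intermittent failures show up against this listener, whether from a browser or from the openssl s_client command quoted in the thread, the fault is in the JSSE layer or the keystore rather than in the HTTP code.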