Re: [Simpleweb-Support] Getting started with SSL

[Brad M. <br...@br...>]

I'm on .20 at the moment, will have a go with .21

Niall Gallagher wrote:
> Hi,
>
> Are you using 4.1.21 to test HTTPS? There have been a number of bugs 
> fixed recently for HTTPS/SSL. I would advise you use 4.1.21.
>
> Niall
>
> --- On *Sun, 8/1/10, Brad McEvoy /<br...@br...>/* wrote:
>
>
>     From: Brad McEvoy <br...@br...>
>     Subject: [Simpleweb-Support] Getting started with SSL
>     To: "Simple support and user issues"
>     <sim...@li...>
>     Date: Sunday, August 1, 2010, 7:26 PM
>
>     Hi All,
>
>     I'm having a problem with using SSL in SimpleHTTP. I'm sure i'm
>     doing something dumb but am at a loss as to where to start.
>
>     All works fine on my Windows development machine, but when I
>     deploy to an Ubuntu server (Sun VM 1.6) I get a "Connection
>     interrupted" error in firefox. I've confirmed connectivity on port
>     443 to the server.
>
>     When using the SimpleSSLHelloWorld (adapted for my own certificate
>     and password) there is no output from logging and the handle
>     method doesnt get called.
>
>     When i modify the code to directly setup the ContainerServer in my
>     code I can see that the process method does indeed get called on
>     the ContainerServer for a https request, which then calls process
>     on the wrapped processor, but then there is no more console
>     output, there are no exceptions thrown, nothing is returned to the
>     browser and the handle method doesnt get called.
>
>     I'm a bit unsure about the ssl config. If there was a
>     configuration error, should I expect to see an error on startup?
>     Is there some particular class in simple web that I can add
>     logging to to see whats going wrong?
>
>     I've attached my slightly modified form of the SimpleSSLHelloWorld
>     and also my own implementation SslSimpletonServer, both of which
>     show the same results.
>
>     Any help would be greatly appreciated. I'm happy to the digging
>     myself but need to know where to stick my shovel!
>
>     Cheers,
>     Brad
>
>     BTW: this is all part of a project to integrate simpleweb with
>     milton (see http://milton.ettrema.com) for a very light weight
>     webdav server
>
>
>     Andrew Barlow wrote:
>>     Thanks Niall - works like a charm on Safari 5 now...
>>
>>     AndyB
>>     On 26 Jul 2010, at 20:48, Niall Gallagher wrote:
>>
>>>     Hi,
>>>
>>>     I have released 4.1.21 which fixes this issue by not requesting
>>>     client authentication. If client authentication is needed it can
>>>     be done just before the handshake begins by setting it on the
>>>     SSLEngine associated with the org.simpleframework.transport.Socket.
>>>
>>>     Regards,
>>>     Niall
>>>
>>>     --- On *Thu, 7/8/10, Andrew Barlow
>>>     /<and...@sd...
>>>     </mc/compose?to=...@sd...>>/* wrote:
>>>
>>>
>>>         From: Andrew Barlow <and...@sd...
>>>         </mc/compose?to=...@sd...>>
>>>         Subject: [Simpleweb-Support] SSL client certificate request:
>>>         Safari 5 problem?
>>>         To: sim...@li...
>>>         </mc/compose?to=...@li...>
>>>         Date: Thursday, July 8, 2010, 1:14 AM
>>>
>>>         Niall and Fabio kindly sent me links to example code for
>>>         delivering web content over SSL, see
>>>         http://sourceforge.net/mailarchive/forum.php?thread_name=AANLkTilp2LqrCGMJ5Io6hxFOJMLZqIYGNutDmYslm-gP%40mail.gmail.com&forum_name=simpleweb-support
>>>         <http://sourceforge.net/mailarchive/forum.php?thread_name=AANLkTilp2LqrCGMJ5Io6hxFOJMLZqIYGNutDmYslm-gP%40mail.gmail.com&forum_name=simpleweb-support>.
>>>
>>>
>>>         As  I need to use an existing signed certificate inside a
>>>         Java keystore I've adopted/adapted Fabio's example which
>>>         reads from the keystore file.
>>>
>>>         I have set the SSLContext to "TLS".
>>>
>>>         I've tested against a keystore containing a bona-fide signed
>>>         certificate issued by Thawte and all is well across a range
>>>         of browsers: Internet Explorer on Windows and Firefox,
>>>         Opera, Chrome on Windows and Mac.
>>>
>>>         However on Safari 5 (but NOT 4) on the Mac I encounter a
>>>         message asking for a client certificate, see screenshot:
>>>         <clientcertificate.png>
>>>
>>>
>>>         Upon selecting a certificate (doesn't matter which), Safari
>>>         then gives a message:
>>>
>>>         "Safari can’t open the page “xxxx” because Safari can’t
>>>         establish a secure connection to the server “xxxx”.
>>>
>>>         On Windows behaviour is slightly different, Safari 5 simply
>>>         displays the message without prompting for client certificate.
>>>
>>>         As this works fine with other browsers, including earlier
>>>         version of Safari could this be an Safari 5 issue that needs
>>>         to be addressed by Apple?
>>>
>>>         Andy Barlow - Chief Technology Officer - MBCS CENG EURING CITP
>>>
>>>         e: and...@sd...
>>>         t: +44 (0)7830 302 268
>>>
>>>         /The information in this email or facsimile is confidential
>>>         and is intended solely for the addressee(s) and access to
>>>         this email or facsimile by anyone else is unauthorised. If
>>>         you are not the intended recipient then any disclosure,
>>>         copying, distribution or any action taken or omitted to be
>>>         taken in reliance on it, is prohibited and may be unlawful.
>>>         Information expressed in this email or facsimile is not
>>>         given or endorsed by my firm or employer unless otherwise
>>>         indicated by an authorised representative independent of
>>>         this message./
>>>
>>>
>>>         -----Inline Attachment Follows-----
>>>
>>>         ------------------------------------------------------------------------------
>>>         This SF.net <http://SF.net> email is sponsored by Sprint
>>>         What will you do first with EVO, the first 4G phone?
>>>         Visit sprint.com/first <http://sprint.com/first> --
>>>         http://p.sf.net/sfu/sprint-com-first
>>>
>>>         -----Inline Attachment Follows-----
>>>
>>>         _______________________________________________
>>>         Simpleweb-Support mailing list
>>>         Sim...@li...
>>>         https://lists.sourceforge.net/lists/listinfo/simpleweb-support
>>>
>>>
>>>     ------------------------------------------------------------------------------
>>>     The Palm PDK Hot Apps Program offers developers who use the
>>>     Plug-In Development Kit to bring their C/C++ apps to Palm for a
>>>     share
>>>     of $1 Million in cash or HP Products. Visit us here for more
>>>     details:
>>>     http://ad.doubleclick.net/clk;226879339;13503038;l?
>>>     http://clk.atdmt.com/CRS/go/247765532/direct/01/_______________________________________________
>>>     Simpleweb-Support mailing list
>>>     Sim...@li...
>>>     </mc/compose?to=...@li...>
>>>     https://lists.sourceforge.net/lists/listinfo/simpleweb-support
>>
>>     Andy Barlow - Chief Technology Officer - MBCS CENG EURING CITP
>>
>>     e: and...@sd...
>>     </mc/compose?to=...@sd...>
>>     t: +44 (0)7830 302 268
>>
>>     /The information in this email or facsimile is confidential and
>>     is intended solely for the addressee(s) and access to this email
>>     or facsimile by anyone else is unauthorised. If you are not the
>>     intended recipient then any disclosure, copying, distribution or
>>     any action taken or omitted to be taken in reliance on it, is
>>     prohibited and may be unlawful. Information expressed in this
>>     email or facsimile is not given or endorsed by my firm or
>>     employer unless otherwise indicated by an
>>     authorised representative independent of this message./
>>
>>
>>     ------------------------------------------------------------------------------
>>     The Palm PDK Hot Apps Program offers developers who use the
>>     Plug-In Development Kit to bring their C/C++ apps to Palm for a share
>>     of $1 Million in cash or HP Products. Visit us here for more details:
>>     http://ad.doubleclick.net/clk;226879339;13503038;l?
>>     http://clk.atdmt.com/CRS/go/247765532/direct/01/
>>
>>
>>     _______________________________________________
>>     Simpleweb-Support mailing list
>>     Sim...@li...  </mc/compose?to=...@li...>
>>     https://lists.sourceforge.net/lists/listinfo/simpleweb-support
>>        
>
>
>     -----Inline Attachment Follows-----
>
>     ------------------------------------------------------------------------------
>     The Palm PDK Hot Apps Program offers developers who use the
>     Plug-In Development Kit to bring their C/C++ apps to Palm for a share
>     of $1 Million in cash or HP Products. Visit us here for more details:
>     http://p.sf.net/sfu/dev2dev-palm
>
>     -----Inline Attachment Follows-----
>
>     _______________________________________________
>     Simpleweb-Support mailing list
>     Sim...@li...
>     </mc/compose?to=...@li...>
>     https://lists.sourceforge.net/lists/listinfo/simpleweb-support
>
>
>
> ------------------------------------------------------------------------------
> The Palm PDK Hot Apps Program offers developers who use the
> Plug-In Development Kit to bring their C/C++ apps to Palm for a share
> of $1 Million in cash or HP Products. Visit us here for more details:
> http://p.sf.net/sfu/dev2dev-palm
>
>
> _______________________________________________
> Simpleweb-Support mailing list
> Sim...@li...
> https://lists.sourceforge.net/lists/listinfo/simpleweb-support
>