Re: [Simpleweb-Support] Getting started with SSL
Brought to you by:
niallg
Menu
▾
▴
Re: [Simpleweb-Support] Getting started with SSL
|
From: Brad M. <br...@br...> - 2010-08-02 10:53:31
|
I've checked and have the same issue with .21 I've done the same check with xlightweb and it also works on my windows box and fails silently on the linux server, so it is definitely something I'm doing wrong. Just a couple of specific things: - should the ssl protocol be SSL or TLS? - if i've built the certificate incorrectly, should I expect to see a program error on startup (or at any time)? - should the keystore type be JKS? - should the keystore algorithm be SunX509? - do any of these vary between windows and linux? - should I expect the same certificate file to work on windows and linux? Thanks in advance. Brad Niall Gallagher wrote: > Hi, > > Are you using 4.1.21 to test HTTPS? There have been a number of bugs > fixed recently for HTTPS/SSL. I would advise you use 4.1.21. > > Niall > > --- On *Sun, 8/1/10, Brad McEvoy /<br...@br...>/* wrote: > > > From: Brad McEvoy <br...@br...> > Subject: [Simpleweb-Support] Getting started with SSL > To: "Simple support and user issues" > <sim...@li...> > Date: Sunday, August 1, 2010, 7:26 PM > > Hi All, > > I'm having a problem with using SSL in SimpleHTTP. I'm sure i'm > doing something dumb but am at a loss as to where to start. > > All works fine on my Windows development machine, but when I > deploy to an Ubuntu server (Sun VM 1.6) I get a "Connection > interrupted" error in firefox. I've confirmed connectivity on port > 443 to the server. > > When using the SimpleSSLHelloWorld (adapted for my own certificate > and password) there is no output from logging and the handle > method doesnt get called. > > When i modify the code to directly setup the ContainerServer in my > code I can see that the process method does indeed get called on > the ContainerServer for a https request, which then calls process > on the wrapped processor, but then there is no more console > output, there are no exceptions thrown, nothing is returned to the > browser and the handle method doesnt get called. > > I'm a bit unsure about the ssl config. If there was a > configuration error, should I expect to see an error on startup? > Is there some particular class in simple web that I can add > logging to to see whats going wrong? > > I've attached my slightly modified form of the SimpleSSLHelloWorld > and also my own implementation SslSimpletonServer, both of which > show the same results. > > Any help would be greatly appreciated. I'm happy to the digging > myself but need to know where to stick my shovel! > > Cheers, > Brad > > BTW: this is all part of a project to integrate simpleweb with > milton (see http://milton.ettrema.com) for a very light weight > webdav server > > > Andrew Barlow wrote: >> Thanks Niall - works like a charm on Safari 5 now... >> >> AndyB >> On 26 Jul 2010, at 20:48, Niall Gallagher wrote: >> >>> Hi, >>> >>> I have released 4.1.21 which fixes this issue by not requesting >>> client authentication. If client authentication is needed it can >>> be done just before the handshake begins by setting it on the >>> SSLEngine associated with the org.simpleframework.transport.Socket. >>> >>> Regards, >>> Niall >>> >>> --- On *Thu, 7/8/10, Andrew Barlow >>> /<and...@sd... >>> </mc/compose?to=and...@sd...>>/* wrote: >>> >>> >>> From: Andrew Barlow <and...@sd... >>> </mc/compose?to=and...@sd...>> >>> Subject: [Simpleweb-Support] SSL client certificate request: >>> Safari 5 problem? >>> To: sim...@li... >>> </mc/compose?to=sim...@li...> >>> Date: Thursday, July 8, 2010, 1:14 AM >>> >>> Niall and Fabio kindly sent me links to example code for >>> delivering web content over SSL, see >>> http://sourceforge.net/mailarchive/forum.php?thread_name=AANLkTilp2LqrCGMJ5Io6hxFOJMLZqIYGNutDmYslm-gP%40mail.gmail.com&forum_name=simpleweb-support >>> <http://sourceforge.net/mailarchive/forum.php?thread_name=AANLkTilp2LqrCGMJ5Io6hxFOJMLZqIYGNutDmYslm-gP%40mail.gmail.com&forum_name=simpleweb-support>. >>> >>> >>> As I need to use an existing signed certificate inside a >>> Java keystore I've adopted/adapted Fabio's example which >>> reads from the keystore file. >>> >>> I have set the SSLContext to "TLS". >>> >>> I've tested against a keystore containing a bona-fide signed >>> certificate issued by Thawte and all is well across a range >>> of browsers: Internet Explorer on Windows and Firefox, >>> Opera, Chrome on Windows and Mac. >>> >>> However on Safari 5 (but NOT 4) on the Mac I encounter a >>> message asking for a client certificate, see screenshot: >>> <clientcertificate.png> >>> >>> >>> Upon selecting a certificate (doesn't matter which), Safari >>> then gives a message: >>> >>> "Safari can’t open the page “xxxx” because Safari can’t >>> establish a secure connection to the server “xxxx”. >>> >>> On Windows behaviour is slightly different, Safari 5 simply >>> displays the message without prompting for client certificate. >>> >>> As this works fine with other browsers, including earlier >>> version of Safari could this be an Safari 5 issue that needs >>> to be addressed by Apple? >>> >>> Andy Barlow - Chief Technology Officer - MBCS CENG EURING CITP >>> >>> e: and...@sd... >>> t: +44 (0)7830 302 268 >>> >>> /The information in this email or facsimile is confidential >>> and is intended solely for the addressee(s) and access to >>> this email or facsimile by anyone else is unauthorised. If >>> you are not the intended recipient then any disclosure, >>> copying, distribution or any action taken or omitted to be >>> taken in reliance on it, is prohibited and may be unlawful. >>> Information expressed in this email or facsimile is not >>> given or endorsed by my firm or employer unless otherwise >>> indicated by an authorised representative independent of >>> this message./ >>> >>> >>> -----Inline Attachment Follows----- >>> >>> ------------------------------------------------------------------------------ >>> This SF.net <http://SF.net> email is sponsored by Sprint >>> What will you do first with EVO, the first 4G phone? >>> Visit sprint.com/first <http://sprint.com/first> -- >>> http://p.sf.net/sfu/sprint-com-first >>> >>> -----Inline Attachment Follows----- >>> >>> _______________________________________________ >>> Simpleweb-Support mailing list >>> Sim...@li... >>> https://lists.sourceforge.net/lists/listinfo/simpleweb-support >>> >>> >>> ------------------------------------------------------------------------------ >>> The Palm PDK Hot Apps Program offers developers who use the >>> Plug-In Development Kit to bring their C/C++ apps to Palm for a >>> share >>> of $1 Million in cash or HP Products. Visit us here for more >>> details: >>> http://ad.doubleclick.net/clk;226879339;13503038;l? >>> http://clk.atdmt.com/CRS/go/247765532/direct/01/_______________________________________________ >>> Simpleweb-Support mailing list >>> Sim...@li... >>> </mc/compose?to=Sim...@li...> >>> https://lists.sourceforge.net/lists/listinfo/simpleweb-support >> >> Andy Barlow - Chief Technology Officer - MBCS CENG EURING CITP >> >> e: and...@sd... >> </mc/compose?to=and...@sd...> >> t: +44 (0)7830 302 268 >> >> /The information in this email or facsimile is confidential and >> is intended solely for the addressee(s) and access to this email >> or facsimile by anyone else is unauthorised. If you are not the >> intended recipient then any disclosure, copying, distribution or >> any action taken or omitted to be taken in reliance on it, is >> prohibited and may be unlawful. Information expressed in this >> email or facsimile is not given or endorsed by my firm or >> employer unless otherwise indicated by an >> authorised representative independent of this message./ >> >> >> ------------------------------------------------------------------------------ >> The Palm PDK Hot Apps Program offers developers who use the >> Plug-In Development Kit to bring their C/C++ apps to Palm for a share >> of $1 Million in cash or HP Products. Visit us here for more details: >> http://ad.doubleclick.net/clk;226879339;13503038;l? >> http://clk.atdmt.com/CRS/go/247765532/direct/01/ >> >> >> _______________________________________________ >> Simpleweb-Support mailing list >> Sim...@li... </mc/compose?to=Sim...@li...> >> https://lists.sourceforge.net/lists/listinfo/simpleweb-support >> > > > -----Inline Attachment Follows----- > > ------------------------------------------------------------------------------ > The Palm PDK Hot Apps Program offers developers who use the > Plug-In Development Kit to bring their C/C++ apps to Palm for a share > of $1 Million in cash or HP Products. Visit us here for more details: > http://p.sf.net/sfu/dev2dev-palm > > -----Inline Attachment Follows----- > > _______________________________________________ > Simpleweb-Support mailing list > Sim...@li... > </mc/compose?to=Sim...@li...> > https://lists.sourceforge.net/lists/listinfo/simpleweb-support > > > > ------------------------------------------------------------------------------ > The Palm PDK Hot Apps Program offers developers who use the > Plug-In Development Kit to bring their C/C++ apps to Palm for a share > of $1 Million in cash or HP Products. Visit us here for more details: > http://p.sf.net/sfu/dev2dev-palm > > > _______________________________________________ > Simpleweb-Support mailing list > Sim...@li... > https://lists.sourceforge.net/lists/listinfo/simpleweb-support > |
