You are viewing a plain text version of this content. The canonical link for it is here.
Posted to xmlrpc-dev@ws.apache.org by "Zhou Jing (JIRA)" <xm...@ws.apache.org> on 2006/07/12 09:19:29 UTC
[jira] Created: (XMLRPC-93) About SSL
About SSL
---------
Key: XMLRPC-93
URL: http://issues.apache.org/jira/browse/XMLRPC-93
Project: XML-RPC
Type: Bug
Versions: 3.0b1
Environment: any
Reporter: Zhou Jing
The SSL support is a important issue in the XML-RPC, that is concerned by many people, but by now it seems that there is NOT a satisfied answer:-(.......
When I simply use an "https" URL and the default client, that is:
XmlRpcClientConfigImpl config = new XmlRpcClientConfigImpl();
URL url = new URL(" https://123.456.789.100:12345/xmlrpc_servlet/xmlrpc");
config.setServerURL(url);
client = new XmlRpcClient();
client.setConfig(config);
I get the erros like this:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.writeRequest(XmlRpcSunHttpTransport.java:67)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
... 19 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 24 more
can anyone help me? and I wnat to know whether the client need get the certificate? thanks very much!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: xmlrpc-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: xmlrpc-dev-help@ws.apache.org
[jira] Commented: (XMLRPC-93) About SSL
Posted by "Zhou Jing (JIRA)" <xm...@ws.apache.org>.
[ http://issues.apache.org/jira/browse/XMLRPC-93?page=comments#action_12420558 ]
Zhou Jing commented on XMLRPC-93:
---------------------------------
The server is "tomcat" and the configuration is:
<!-- XMLRPCHTTPSBEGIN
<Connector port="38191"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
XMLRPCHTTPSEND -->
> About SSL
> ---------
>
> Key: XMLRPC-93
> URL: http://issues.apache.org/jira/browse/XMLRPC-93
> Project: XML-RPC
> Type: Bug
> Versions: 3.0b1
> Environment: any
> Reporter: Zhou Jing
>
> The SSL support is a important issue in the XML-RPC, that is concerned by many people, but by now it seems that there is NOT a satisfied answer:-(.......
> When I simply use an "https" URL and the default client, that is:
> XmlRpcClientConfigImpl config = new XmlRpcClientConfigImpl();
> URL url = new URL(" https://123.456.789.100:12345/xmlrpc_servlet/xmlrpc");
> config.setServerURL(url);
> client = new XmlRpcClient();
> client.setConfig(config);
> I get the erros like this:
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
> at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
> at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.writeRequest(XmlRpcSunHttpTransport.java:67)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
> ... 19 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
> at java.security.cert.CertPathBuilder.build(Unknown Source)
> ... 24 more
> can anyone help me? and I wnat to know whether the client need get the certificate? thanks very much!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: xmlrpc-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: xmlrpc-dev-help@ws.apache.org
[jira] Commented: (XMLRPC-93) About SSL
Posted by "Jochen Wiedmann (JIRA)" <xm...@ws.apache.org>.
[ http://issues.apache.org/jira/browse/XMLRPC-93?page=comments#action_12420534 ]
Jochen Wiedmann commented on XMLRPC-93:
---------------------------------------
The information you are providing is insufficient. What web server are you using? What configuration on the web server? ...
> About SSL
> ---------
>
> Key: XMLRPC-93
> URL: http://issues.apache.org/jira/browse/XMLRPC-93
> Project: XML-RPC
> Type: Bug
> Versions: 3.0b1
> Environment: any
> Reporter: Zhou Jing
>
> The SSL support is a important issue in the XML-RPC, that is concerned by many people, but by now it seems that there is NOT a satisfied answer:-(.......
> When I simply use an "https" URL and the default client, that is:
> XmlRpcClientConfigImpl config = new XmlRpcClientConfigImpl();
> URL url = new URL(" https://123.456.789.100:12345/xmlrpc_servlet/xmlrpc");
> config.setServerURL(url);
> client = new XmlRpcClient();
> client.setConfig(config);
> I get the erros like this:
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
> at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
> at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.writeRequest(XmlRpcSunHttpTransport.java:67)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
> ... 19 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
> at java.security.cert.CertPathBuilder.build(Unknown Source)
> ... 24 more
> can anyone help me? and I wnat to know whether the client need get the certificate? thanks very much!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: xmlrpc-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: xmlrpc-dev-help@ws.apache.org
[jira] Commented: (XMLRPC-93) About SSL
Posted by "Zhou Jing (JIRA)" <xm...@ws.apache.org>.
[ http://issues.apache.org/jira/browse/XMLRPC-93?page=comments#action_12420561 ]
Zhou Jing commented on XMLRPC-93:
---------------------------------
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and
the keystore itself.
> About SSL
> ---------
>
> Key: XMLRPC-93
> URL: http://issues.apache.org/jira/browse/XMLRPC-93
> Project: XML-RPC
> Type: Bug
> Versions: 3.0b1
> Environment: any
> Reporter: Zhou Jing
>
> The SSL support is a important issue in the XML-RPC, that is concerned by many people, but by now it seems that there is NOT a satisfied answer:-(.......
> When I simply use an "https" URL and the default client, that is:
> XmlRpcClientConfigImpl config = new XmlRpcClientConfigImpl();
> URL url = new URL(" https://123.456.789.100:12345/xmlrpc_servlet/xmlrpc");
> config.setServerURL(url);
> client = new XmlRpcClient();
> client.setConfig(config);
> I get the erros like this:
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
> at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
> at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.writeRequest(XmlRpcSunHttpTransport.java:67)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
> ... 19 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
> at java.security.cert.CertPathBuilder.build(Unknown Source)
> ... 24 more
> can anyone help me? and I wnat to know whether the client need get the certificate? thanks very much!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: xmlrpc-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: xmlrpc-dev-help@ws.apache.org
[jira] Closed: (XMLRPC-93) About SSL
Posted by "Jochen Wiedmann (JIRA)" <xm...@ws.apache.org>.
[ http://issues.apache.org/jira/browse/XMLRPC-93?page=all ]
Jochen Wiedmann closed XMLRPC-93.
---------------------------------
Resolution: Invalid
You did not configure your client properly. I have added a document, which describes proper client configuration. See
https://svn.apache.org/repos/asf/webservices/xmlrpc/trunk/src/site/apt/ssl.apt
> About SSL
> ---------
>
> Key: XMLRPC-93
> URL: http://issues.apache.org/jira/browse/XMLRPC-93
> Project: XML-RPC
> Issue Type: Bug
> Affects Versions: 3.0b1
> Environment: any
> Reporter: Zhou Jing
>
> The SSL support is a important issue in the XML-RPC, that is concerned by many people, but by now it seems that there is NOT a satisfied answer:-(.......
> When I simply use an "https" URL and the default client, that is:
> XmlRpcClientConfigImpl config = new XmlRpcClientConfigImpl();
> URL url = new URL(" https://123.456.789.100:12345/xmlrpc_servlet/xmlrpc");
> config.setServerURL(url);
> client = new XmlRpcClient();
> client.setConfig(config);
> I get the erros like this:
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
> at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
> at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.writeRequest(XmlRpcSunHttpTransport.java:67)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
> ... 19 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
> at java.security.cert.CertPathBuilder.build(Unknown Source)
> ... 24 more
> can anyone help me? and I wnat to know whether the client need get the certificate? thanks very much!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: xmlrpc-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: xmlrpc-dev-help@ws.apache.org