You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Alex Karasulu <ak...@apache.org> on 2007/01/08 23:03:34 UTC
[ApacheDS] [MINA] SSL filter woes
Trustin,
I got the following error on my mac ppc running Ubuntu which only has
the IBM jvm as an option.
akarasulu@mac:~/trunks/apacheds/server-ssl$ cat
target/surefire-reports/org.apache.directory.server.ssl.LdapsITest.txt
-------------------------------------------------------------------------------
Test set: org.apache.directory.server.ssl.LdapsITest
-------------------------------------------------------------------------------
Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 14.486
sec <<< FAILURE!
testSetUpTearDown(org.apache.directory.server.ssl.LdapsITest) Time
elapsed: 14.241 sec <<< ERROR!
javax.naming.NamingException: Failed to create a SSL context. [Root
exception is java.security.NoSuchAlgorithmException: SunX509
KeyManagerFactory not available]
Is there any way we can use an alternative class in the IBM JDK and
detect the JDK to swap these classes based on the jvm system property?
Alex
Re: [ApacheDS] [MINA] SSL filter woes
Posted by Trustin Lee <tr...@gmail.com>.
On 1/9/07, Norval Hope <nr...@gmail.com> wrote:
> The problem may be in some ApacheDS code:
> org.apache.directory.server.ssl.LdapsInitializer has an explicit
> reference to "SunX509".
I checked in the fix to the trunk, and Alex did the same for the 1.0 branch.
Thanks for pin-pointing the cause of the problem!
Trustin
--
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP key fingerprints:
* E167 E6AF E73A CBCE EE41 4A29 544D DE48 FE95 4E7E
* B693 628E 6047 4F8F CFA4 455E 1C62 A7DC 0255 ECA6
Re: [ApacheDS] [MINA] SSL filter woes
Posted by Norval Hope <nr...@gmail.com>.
The problem may be in some ApacheDS code:
org.apache.directory.server.ssl.LdapsInitializer has an explicit
reference to "SunX509".
Re: [ApacheDS] [MINA] SSL filter woes
Posted by Trustin Lee <tr...@gmail.com>.
I thought I fixed this problem long ago. Weird..., but thanks for the heads
up!
On 1/9/07, Srikanth Veeramachaneni <sr...@veeramachaneni.com> wrote:
>
> Forgot to mention that the key manager algorithm name supported by IBM
> JDK 1.4.2 is "IbmX509". This information can generally be found in the
> file "jre/lib/security/java.security" file with the property name
> "ssl.KeyManagerFactory.algorithm"
>
> -Srikanth
>
> On 1/8/07, Srikanth Veeramachaneni <sr...@veeramachaneni.com> wrote:
> > Since you got this error, I am assuming that the algorithm while
> > creating the key manager factory is hardcoded which makes it dependent
> > on the JVM. You can instead create the key manager factory as below to
> > avoid this.
> >
> > KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
> > .getDefaultAlgorithm());
> >
> > This basically uses the default algorithm specified in the Java
> > security properties. This approach has worked for me using Sun and IBM
> > jdks.
> >
> > thanks,
> > Srikanth
> >
> > On 1/8/07, Alex Karasulu <ak...@apache.org> wrote:
> > > Trustin,
> > >
> > > I got the following error on my mac ppc running Ubuntu which only has
> > > the IBM jvm as an option.
> > >
> > >
> > > akarasulu@mac:~/trunks/apacheds/server-ssl$ cat
> > > target/surefire-reports/org.apache.directory.server.ssl.LdapsITest.txt
> > >
> -------------------------------------------------------------------------------
> > > Test set: org.apache.directory.server.ssl.LdapsITest
> > >
> -------------------------------------------------------------------------------
> > > Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 14.486
> > > sec <<< FAILURE!
> > > testSetUpTearDown(org.apache.directory.server.ssl.LdapsITest) Time
> > > elapsed: 14.241 sec <<< ERROR!
> > > javax.naming.NamingException: Failed to create a SSL context. [Root
> > > exception is java.security.NoSuchAlgorithmException: SunX509
> > > KeyManagerFactory not available]
> > >
> > >
> > > Is there any way we can use an alternative class in the IBM JDK and
> > > detect the JDK to swap these classes based on the jvm system property?
> > >
> > > Alex
> > >
> > >
> > >
> >
>
--
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP key fingerprints:
* E167 E6AF E73A CBCE EE41 4A29 544D DE48 FE95 4E7E
* B693 628E 6047 4F8F CFA4 455E 1C62 A7DC 0255 ECA6
Re: [ApacheDS] [MINA] SSL filter woes
Posted by Srikanth Veeramachaneni <sr...@veeramachaneni.com>.
Forgot to mention that the key manager algorithm name supported by IBM
JDK 1.4.2 is "IbmX509". This information can generally be found in the
file "jre/lib/security/java.security" file with the property name
"ssl.KeyManagerFactory.algorithm"
-Srikanth
On 1/8/07, Srikanth Veeramachaneni <sr...@veeramachaneni.com> wrote:
> Since you got this error, I am assuming that the algorithm while
> creating the key manager factory is hardcoded which makes it dependent
> on the JVM. You can instead create the key manager factory as below to
> avoid this.
>
> KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
> .getDefaultAlgorithm());
>
> This basically uses the default algorithm specified in the Java
> security properties. This approach has worked for me using Sun and IBM
> jdks.
>
> thanks,
> Srikanth
>
> On 1/8/07, Alex Karasulu <ak...@apache.org> wrote:
> > Trustin,
> >
> > I got the following error on my mac ppc running Ubuntu which only has
> > the IBM jvm as an option.
> >
> >
> > akarasulu@mac:~/trunks/apacheds/server-ssl$ cat
> > target/surefire-reports/org.apache.directory.server.ssl.LdapsITest.txt
> > -------------------------------------------------------------------------------
> > Test set: org.apache.directory.server.ssl.LdapsITest
> > -------------------------------------------------------------------------------
> > Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 14.486
> > sec <<< FAILURE!
> > testSetUpTearDown(org.apache.directory.server.ssl.LdapsITest) Time
> > elapsed: 14.241 sec <<< ERROR!
> > javax.naming.NamingException: Failed to create a SSL context. [Root
> > exception is java.security.NoSuchAlgorithmException: SunX509
> > KeyManagerFactory not available]
> >
> >
> > Is there any way we can use an alternative class in the IBM JDK and
> > detect the JDK to swap these classes based on the jvm system property?
> >
> > Alex
> >
> >
> >
>
Re: [ApacheDS] [MINA] SSL filter woes
Posted by Srikanth Veeramachaneni <sr...@veeramachaneni.com>.
Since you got this error, I am assuming that the algorithm while
creating the key manager factory is hardcoded which makes it dependent
on the JVM. You can instead create the key manager factory as below to
avoid this.
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
.getDefaultAlgorithm());
This basically uses the default algorithm specified in the Java
security properties. This approach has worked for me using Sun and IBM
jdks.
thanks,
Srikanth
On 1/8/07, Alex Karasulu <ak...@apache.org> wrote:
> Trustin,
>
> I got the following error on my mac ppc running Ubuntu which only has
> the IBM jvm as an option.
>
>
> akarasulu@mac:~/trunks/apacheds/server-ssl$ cat
> target/surefire-reports/org.apache.directory.server.ssl.LdapsITest.txt
> -------------------------------------------------------------------------------
> Test set: org.apache.directory.server.ssl.LdapsITest
> -------------------------------------------------------------------------------
> Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 14.486
> sec <<< FAILURE!
> testSetUpTearDown(org.apache.directory.server.ssl.LdapsITest) Time
> elapsed: 14.241 sec <<< ERROR!
> javax.naming.NamingException: Failed to create a SSL context. [Root
> exception is java.security.NoSuchAlgorithmException: SunX509
> KeyManagerFactory not available]
>
>
> Is there any way we can use an alternative class in the IBM JDK and
> detect the JDK to swap these classes based on the jvm system property?
>
> Alex
>
>
>