You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Joe Qiang Luo (JIRA)" <ji...@apache.org> on 2015/07/09 15:07:05 UTC

[jira] [Created] (CAMEL-8946) Original exception was overridden by Camel Netty Http producer

Joe Qiang Luo created CAMEL-8946:
------------------------------------

             Summary: Original exception was overridden by Camel Netty Http producer
                 Key: CAMEL-8946
                 URL: https://issues.apache.org/jira/browse/CAMEL-8946
             Project: Camel
          Issue Type: Bug
          Components: camel-netty, camel-netty-http
    Affects Versions: 2.12.5
            Reporter: Joe Qiang Luo


I am having difficulties to troubleshoot some of the SSL failures when my application attempts to connect to back ends. I am not able to understand by looking at the logs what is making the connection to fail.

When inspecting the behavior of 'camel-netty-http' for a particular use case where no trusted certificates are available, I realize that Netty is throwing an SSLHandshakeException, but then it gets lost and a ClosedChannelExcetpion is thrown back instead.

While DEBUG and WARN level messages give indication about the real source of the problem, the final ERROR level message looses the error context. This is problematic when I run the system in ERROR level, and when I see failures I can't determine the reasons.

The sequence of logs is as follows:
1) first a DEBUG trace:
DEBUG Closing channel as an exception was thrown from Netty
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
... Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
... Caused by: sun.security.validator.ValidatorException: No trusted certificate found

2) then a WARN trace:
WARN  HttpServerChannelHandler is not found as attachment to handle exception, send 404 back to the client.
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

3) and an ERROR trace:
ERROR Failed delivery for...
... java.nio.channels.ClosedChannelException
	at org.jboss.netty.handler.ssl.SslHandler$7.run(SslHandler.java:1766)


I have made a simple fix on NettyProducer.java class since NettyHttpProducer class is inherited from it.

I'll also attach a junit test
org/apache/camel/component/netty/http/NettyHttpSSLHandshakeErrorTest.java
that reproduces the situation as well as a patch (patch.txt) to this JIRA.
 
Note, the junit test requires some keystore files so you will need to copy over following four files:
camel-cxf/src/test/resources/wssecurity/keystore/client-keystore.jks
camel-cxf/src/test/resources/wssecurity/keystore/client-truststore.jks
camel-cxf/src/test/resources/wssecurity/keystore/server-keystore.jks
camel-cxf/src/test/resources/wssecurity/keystore/server-truststore.jks

over to camel-netty-http/src/test/resources/jsse/ folder in order to get the junit test to work.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)