Posted to axis-cvs@ws.apache.org by Ma...@Mitel.COM on 2008/04/03 00:58:49 UTC

JSSESocketFactory doesn't timeout during initial SSL handshaking to bogus IP... any suggestion?

Hi.

I would like to know how to specify a timeout for initial SSL socket
handshaking in an Axis 1.3 client using JSSESocketFactory?

Pierre-Hugues Charbonneau presented a very nice analysis here:

   http://www.mail-archive.com/axis-dev@ws.apache.org/msg24322.html

... and Davanum Srinivas did say:

   > Please try the CommonsHTTPSender. See wiki for more info.

I searched for CommonsHTTPSender in the wiki at:

http://wiki.apache.org/ws/FrontPage/Axis

... but it returned nothing.

We use a custom SecureSocketFactory extended from JSSESocketFactory; the
custom action is to specify our trust manager:

   import java.util.Hashtable;
   import javax.net.ssl.SSLContext;
   import org.apache.axis.components.net.JSSESocketFactory;
   import org.apache.axis.components.net.SecureSocketFactory;

   public class AxisSecureSocketFactory extends JSSESocketFactory
   implements SecureSocketFactory
   {
      public AxisSecureSocketFactory(Hashtable attributes)
      {
         super(attributes);
      }

      // Replaces the default factory setup so that our own trust manager is used.
      protected void initFactory()
      {
         try
         {
            ...
            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init( null, //no KeyManager
                                tm, //use custom trust manager
                              null);//use default random number generator

            // sslFactory is the inherited field the parent class creates sockets from
            sslFactory = sslContext.getSocketFactory();
         }

         catch (Exception e)
         {
            e.printStackTrace();
         }
      }
   }

Our axis client is running under tomcat and the custom factory is
registered by specifying -Daxis.socketSecureFactory in the jvm command
line.

We are finding, as Pierre-Hugues discovered, that there is no timeout
during SSL socket handshaking, so if I attempt to connect to a bogus IP it
takes upwards of 5 minutes for tomcat to detect the problem...

I have started reading up on CommonsHTTPSender where I can find stuff, but
it talks about changing config files and things... is there any way I can
do it WITHOUT changing the axis client?  Ideally changing something in the
above custom factory...

Can anyone help or suggest something?

Regards,
Martin A. Gillen
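
The following is an added example, not part of the original post and not Axis code: a plain JSSE wrapper that bounds both the TCP connect and the SSL handshake, the failure mode described above. The class name `TimeoutSSLSocketFactory` and the timeout parameters are hypothetical, and it assumes the parent factory obtains its sockets through `sslFactory.createSocket(host, port)`.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Hypothetical wrapper (not an Axis class): bounds TCP connect and SSL handshake time. */
public class TimeoutSSLSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;
    private final int connectTimeoutMs;
    private final int handshakeTimeoutMs;

    public TimeoutSSLSocketFactory(SSLSocketFactory delegate, int connectTimeoutMs, int handshakeTimeoutMs) {
        this.delegate = delegate;
        this.connectTimeoutMs = connectTimeoutMs;
        this.handshakeTimeoutMs = handshakeTimeoutMs;
    }

    private Socket open(String host, InetSocketAddress remote, InetSocketAddress local) throws IOException {
        Socket plain = new Socket();                  // unconnected, so connect() can take a timeout
        try {
            if (local != null) plain.bind(local);
            plain.connect(remote, connectTimeoutMs);  // an unreachable IP fails here, not minutes later
            plain.setSoTimeout(handshakeTimeoutMs);   // a silent peer makes handshake reads time out
            SSLSocket ssl = (SSLSocket) delegate.createSocket(plain, host, remote.getPort(), true);
            ssl.startHandshake();                     // handshake now, while the read timeout is set
            return ssl;                               // SO_TIMEOUT stays set until the caller changes it
        } catch (IOException e) {
            plain.close();                            // do not leak the half-open connection
            throw e;
        }
    }
    public Socket createSocket(String host, int port) throws IOException {
        return open(host, new InetSocketAddress(host, port), null);
    }
    public Socket createSocket(InetAddress addr, int port) throws IOException {
        return open(addr.getHostAddress(), new InetSocketAddress(addr, port), null);
    }
    public Socket createSocket(String host, int port, InetAddress la, int lp) throws IOException {
        return open(host, new InetSocketAddress(host, port), new InetSocketAddress(la, lp));
    }
    public Socket createSocket(InetAddress addr, int port, InetAddress la, int lp) throws IOException {
        return open(addr.getHostAddress(), new InetSocketAddress(addr, port), new InetSocketAddress(la, lp));
    }
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return delegate.createSocket(s, host, port, autoClose);  // caller already owns the connection
    }
    public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
}
```

Under that assumption, the custom factory's `initFactory()` would assign `new TimeoutSSLSocketFactory(sslContext.getSocketFactory(), 10000, 10000)` to `sslFactory`; the 10-second values are constructed for illustration.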

