You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@servicemix.apache.org by "Steve Chernyak (JIRA)" <ji...@apache.org> on 2008/10/25 17:20:53 UTC
[jira] Created: (SM-1663) Provider fails when using ssl with "Bad
Request (Invalid Header Name)"
Provider fails when using ssl with "Bad Request (Invalid Header Name)"
----------------------------------------------------------------------
Key: SM-1663
URL: https://issues.apache.org/activemq/browse/SM-1663
Project: ServiceMix
Issue Type: Bug
Affects Versions: servicemix-cxf-bc-2008.01
Environment: Client: WinXP, JDK1.5, Servicemix 3.2.3-SNAPSHOT
Server: IIS6
Reporter: Steve Chernyak
The following conduit configuration works as expected with ServiceMix 3.2.2. However, it fails when for some (not all) requests when upgraded to Servicemix 3.2.3-SNAPSHOT.
<http:conduit
name="{http://www.someservice.com}APIServiceSoap.http-conduit">
<http:tlsClientParameters>
<sec:keyManagers keyPassword="somepassword">
<sec:keyStore type="JKS" password="somepassword"
file="/jdk1.5.0_11/jre/lib/security/cacerts" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="somepassword"
file="jdk1.5.0_11/jre/lib/security/cacerts" />
</sec:trustManagers>
<sec:cipherSuitesFilter>
<!--
these filters ensure that a ciphersuite with
export-suitable or null encryption is used, but exclude
anonymous Diffie-Hellman key change as this is vulnerable
to man-in-the-middle attacks
-->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:client AutoRedirect="true" Connection="Keep-Alive" />
</http:conduit>
The generated request contains two text/xml declarations for content type: Content-Type=[text/xml, text/xml], but even if all of the headers are removed from the request, it sill fails with ""Bad Request (Invalid Header Name)"
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SM-1663) Provider fails when using ssl with "Bad
Request (Invalid Header Name)"
Posted by "Freeman Fang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/SM-1663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=46898#action_46898 ]
Freeman Fang commented on SM-1663:
----------------------------------
Hi,
Would you please add LoggingOutInterceptor and LoggingInInterceptor for cxf bc provider, and append the servicemix log, so that we can see the difference between the success and failed request since as you said, there would be some (not all) requests failed.
Thanks
Freeman
> Provider fails when using ssl with "Bad Request (Invalid Header Name)"
> ----------------------------------------------------------------------
>
> Key: SM-1663
> URL: https://issues.apache.org/activemq/browse/SM-1663
> Project: ServiceMix
> Issue Type: Bug
> Affects Versions: servicemix-cxf-bc-2008.01
> Environment: Client: WinXP, JDK1.5, Servicemix 3.2.3-SNAPSHOT
> Server: IIS6
> Reporter: Steve Chernyak
> Assignee: Freeman Fang
>
> The following conduit configuration works as expected with ServiceMix 3.2.2. However, it fails when for some (not all) requests when upgraded to Servicemix 3.2.3-SNAPSHOT.
> <http:conduit
> name="{http://www.someservice.com}APIServiceSoap.http-conduit">
> <http:tlsClientParameters>
> <sec:keyManagers keyPassword="somepassword">
> <sec:keyStore type="JKS" password="somepassword"
> file="/jdk1.5.0_11/jre/lib/security/cacerts" />
> </sec:keyManagers>
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="somepassword"
> file="jdk1.5.0_11/jre/lib/security/cacerts" />
> </sec:trustManagers>
> <sec:cipherSuitesFilter>
> <!--
> these filters ensure that a ciphersuite with
> export-suitable or null encryption is used, but exclude
> anonymous Diffie-Hellman key change as this is vulnerable
> to man-in-the-middle attacks
> -->
> <sec:include>.*_EXPORT_.*</sec:include>
> <sec:include>.*_EXPORT1024_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:include>.*_WITH_NULL_.*</sec:include>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
> </http:tlsClientParameters>
> <http:client AutoRedirect="true" Connection="Keep-Alive" />
> </http:conduit>
> The generated request contains two text/xml declarations for content type: Content-Type=[text/xml, text/xml], but even if all of the headers are removed from the request, it sill fails with ""Bad Request (Invalid Header Name)"
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (SM-1663) Provider fails when using ssl with "Bad
Request (Invalid Header Name)"
Posted by "Freeman Fang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/SM-1663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Freeman Fang reassigned SM-1663:
--------------------------------
Assignee: Freeman Fang
> Provider fails when using ssl with "Bad Request (Invalid Header Name)"
> ----------------------------------------------------------------------
>
> Key: SM-1663
> URL: https://issues.apache.org/activemq/browse/SM-1663
> Project: ServiceMix
> Issue Type: Bug
> Affects Versions: servicemix-cxf-bc-2008.01
> Environment: Client: WinXP, JDK1.5, Servicemix 3.2.3-SNAPSHOT
> Server: IIS6
> Reporter: Steve Chernyak
> Assignee: Freeman Fang
>
> The following conduit configuration works as expected with ServiceMix 3.2.2. However, it fails when for some (not all) requests when upgraded to Servicemix 3.2.3-SNAPSHOT.
> <http:conduit
> name="{http://www.someservice.com}APIServiceSoap.http-conduit">
> <http:tlsClientParameters>
> <sec:keyManagers keyPassword="somepassword">
> <sec:keyStore type="JKS" password="somepassword"
> file="/jdk1.5.0_11/jre/lib/security/cacerts" />
> </sec:keyManagers>
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="somepassword"
> file="jdk1.5.0_11/jre/lib/security/cacerts" />
> </sec:trustManagers>
> <sec:cipherSuitesFilter>
> <!--
> these filters ensure that a ciphersuite with
> export-suitable or null encryption is used, but exclude
> anonymous Diffie-Hellman key change as this is vulnerable
> to man-in-the-middle attacks
> -->
> <sec:include>.*_EXPORT_.*</sec:include>
> <sec:include>.*_EXPORT1024_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:include>.*_WITH_NULL_.*</sec:include>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
> </http:tlsClientParameters>
> <http:client AutoRedirect="true" Connection="Keep-Alive" />
> </http:conduit>
> The generated request contains two text/xml declarations for content type: Content-Type=[text/xml, text/xml], but even if all of the headers are removed from the request, it sill fails with ""Bad Request (Invalid Header Name)"
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.