Posted to dev@mina.apache.org by madhurima v <mv...@nisum.com> on 2012/06/11 10:36:05 UTC

Connect from C++ SSL Client to Mina SSL server

Thanks for your quick response.
We have been using Mina 2.0-M1 for the last 4 years; for the same reason I
also tried the SSL connection with the same version.
As per your suggestion we updated the version to Mina-2.0.0-M5 and tried the
SSL connection:
http://grepcode.com/file/repo1.maven.org/maven2/org.apache.mina/mina-example/2.0.0-M5/org/apache/mina/example/echoserver/ssl/BogusSslContextFactory.java?av=f

Following is my issue.
1. Generated a bogus certificate using the keystore commands available in the
BogusSslContextFactory.java class.
    // NOTE: The keystore was generated using keytool:
    //   keytool -genkey -alias bogus -keysize 512 -validity 3650
    //   -keyalg RSA -dname "CN=bogus.com, OU=XXX CA,
    //   O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE"
    //   -keypass boguspw -storepass boguspw -keystore bogus.cert
    We used the same certificate on both sides, and both the SSL client and
server connected successfully.
2. After getting the connection we need to get the message in the handler
-messageReceive() method.
    Here I am unable to get the original message, and the connection is
closing automatically.

    Mina server log :
SSL ON 
Listening on port 9123 
[12:19:24] NioProcessor-1 INFO  [] []
[org.apache.mina.example.echoserver.EchoProtocolHandler] -      OPENED 
[12:19:26] NioProcessor-1 INFO  [] []
[org.apache.mina.example.echoserver.EchoProtocolHandler] - Received :
SESSION_UNSECURED 
[12:19:26] NioProcessor-1 INFO  [] []
[org.apache.mina.example.echoserver.EchoProtocolHandler] - CLOSED . 


Please help me if we need to make any changes to the code to receive the
original message.

Thanks & Regards, 
Madhurima vadlamudi

 

 

 

Hi, 
> 
> should you identify any critical issues, I'd be more than happy to buy 
> you a beer. 

Actually, this is the best answer, *ever* :) 

People want support, and are ready to pay for it, but OpenSources are 
wanting to *fix* bugs and to offer a beer to those who have exposed the 
bug ! I like this spirit ! 

Guys, I have a few pieces of advice for you, no pun intended:
- read the answers. We have told you to switch to the later version 
(2.0.5), you are still telling us you are using an outdated version 
- no need to ask your whole team to send mails, just one person is enough 
- when you decide to use a project, just be sure you understand how it 
works. If you have no clue about what a keystore is in Java, the best is 
probably to start there. 
- You also have to understand that communication between two systems 
does not depend on the language in use. The fact that your client is 
written in C++ is totally orthogonal to the problem you have. We 
have already stated that once, or more, but if you don't understand, 
there is little we can do to help you. 


-- 
Regards, 
Cordialement, 
Emmanuel Lécharny 
www.iktek.com


Re: Connect from C++ SSL Client to Mina SSL server

Posted by Emmanuel Lécharny <el...@gmail.com>.
On 6/11/12 10:36 AM, madhurima v wrote:
> Thanks for your quick response.
> We have been using Mina 2.0-M1 for the last 4 years; for the same reason I
> also tried the SSL connection with the same version.
> As per your suggestion we updated the version to Mina-2.0.0-M5 and tried the
> SSL connection:
> http://grepcode.com/file/repo1.maven.org/maven2/org.apache.mina/mina-example/2.0.0-M5/org/apache/mina/example/echoserver/ssl/BogusSslContextFactory.java?av=f
>
> Following is my issue.
> 1. Generated a bogus certificate using the keystore commands available in the
> BogusSslContextFactory.java class.
>     // NOTE: The keystore was generated using keytool:
>     //   keytool -genkey -alias bogus -keysize 512 -validity 3650
>     //   -keyalg RSA -dname "CN=bogus.com, OU=XXX CA,
>     //   O=Bogus Inc, L=Stockholm, S=Stockholm, C=SE"
>     //   -keypass boguspw -storepass boguspw -keystore bogus.cert
>     We used the same certificate on both sides, and both the SSL client and
> server connected successfully.
> 2. After getting the connection we need to get the message in the handler
> -messageReceive() method.
>     Here I am unable to get the original message, and the connection is
> closing automatically.
>
>      Mina server log :
> SSL ON
> Listening on port 9123
> [12:19:24] NioProcessor-1 INFO  [] []
> [org.apache.mina.example.echoserver.EchoProtocolHandler] -      OPENED
> [12:19:26] NioProcessor-1 INFO  [] []
> [org.apache.mina.example.echoserver.EchoProtocolHandler] - Received :
> SESSION_UNSECURED

Here, the handshake has failed. It might be because the client is trying 
to negotiate some ciphers that are not supported by the MINA server.

The best thing would be to use Wireshark to analyze what is being 
transmitted during the handshake. You can provide the output.

Also there is a way to set up some debugging for SSL 
(http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html)


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
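
The check behind the capture suggested in the reply above, as an added example that is not part of the original thread or of MINA: it parses a ClientHello record (as exported from a packet capture) and reports which offered cipher suites the server also has enabled. The sample bytes, the suite table subset and the `SERVER_ENABLED` list are constructed assumptions.

```python
import struct

# IANA names for a few cipher suite IDs (subset picked for this example).
SUITE_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}

def parse_client_hello(record: bytes):
    """Return ((major, minor), [suite ids]) from one TLS record holding a ClientHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    if record[0] & 0x80:
        raise ValueError("SSLv2-compatible ClientHello, not parsed by this example")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or rec_len < 4 or body[0] != 0x01:
        raise ValueError("not a complete handshake record carrying a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello (fragmented hellos are out of scope)")
    version = (hello[0], hello[1])
    pos = 34                          # skip client_version (2) + random (32)
    pos += 1 + hello[pos]             # skip session_id
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    if cs_len == 0 or cs_len % 2 or pos + cs_len > len(hello):
        raise ValueError("bad cipher_suites length")
    return version, list(struct.unpack_from("!%dH" % (cs_len // 2), hello, pos))

def common_suites(client_ids, server_enabled_names):
    """Client-offered suites, in client order, that the server also has enabled."""
    names = [SUITE_NAMES.get(i, "0x%04X" % i) for i in client_ids]
    return [n for n in names if n in server_enabled_names]

# Constructed sample: TLS 1.0 ClientHello, all-zero random, offering 0x002F and 0x0035.
SAMPLE = (bytes.fromhex("160301002f" "0100002b" "0301") + bytes(32)
          + bytes.fromhex("00" "0004" "002f0035" "0100"))
# Hypothetical server list, as SSLEngine.getEnabledCipherSuites() might report it.
SERVER_ENABLED = {"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}

if __name__ == "__main__":
    version, offered = parse_client_hello(SAMPLE)
    print("client version:", version, "offered:", ["0x%04X" % s for s in offered])
    print("usable by both sides:", common_suites(offered, SERVER_ENABLED) or "NONE")
```

An empty result means the two sides share no suite and the handshake cannot complete. JSSE reports some older suites under an `SSL_` prefix rather than the IANA `TLS_` name, so normalise names before comparing.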