You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Timothy Prepscius <ti...@gmail.com> on 2012/07/09 03:05:37 UTC
tis issues.
Okay, I just literally spent 10 hours on one bug.
If, you do all your ssl certificate stuff, and you are getting nowhere with ssl actually working.
you're getting some "no peer certificate" error…
and no negotiation is occurring
check to see if you are running IceTea java.
if you are get rid of it, and use sun.
http://askubuntu.com/questions/56104/how-can-i-install-oracle-java-jre-7
Apparently this is an ice tea issue..
-tim
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: tis issues.
Posted by Timothy Prepscius <ti...@gmail.com>.
It will look like this:
CONNECTED(00000003)
3077671112:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:724:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 226 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
In my efforts to fix the bug I:
1. tried redoing the keystore a few times
2. tried different options of openssl for possibly triggering it to look up some cert or something
3. thought, hmm, I don't see any log of where the BouncyCastle is actually being used, so I copied those jars in conf/lib
but then of course I had configuration issues with spring.xml so I tried removing the MANIFEST.MF, but of course this unsign's the jars
so probably wouldn't be used anyways.
4. tried copying the sunjce, had to de-manifest it. tried it in different places in the class path.
5. tried ice tea 6 verses 7, so that I could use the jars without zip -d META/*
6. did a billion searches for "no peer certificate available" but didn't get anything good.
7. tried to find the point in the james source which is actually loading the BouncyCastle, because I noticed if I modified that <provider>org…</provider> xml frag to be invalid, it would give the same error mysteriously.
8. got the debugging increased finally.
9. finally came across: https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1006776
10. installed the stupid sun java.
and walah, it worked.
so if you find yourself doing 1-10, maybe skip to 10.
Curiously, during this time hotmail just doesn't care about the certificate, delivered stuff anyways. Google stopped delivering.
Lol.
-tim
On Jul 8, 2012, at 9:30 PM, Ioan Eugen Stan wrote:
> Thanks for sharing Timothy! If I remember right this should become an
> issue on JIRA / somewhere else.
> Is there any other information that you could share on this so we can
> best describe it for other people?
>
> Thanks,
>
> 2012/7/9 Timothy Prepscius <ti...@gmail.com>:
>> Okay, I just literally spent 10 hours on one bug.
>>
>>
>>
>> If, you do all your ssl certificate stuff, and you are getting nowhere with ssl actually working.
>> you're getting some "no peer certificate" error…
>> and no negotiation is occurring
>>
>>
>> check to see if you are running IceTea java.
>> if you are get rid of it, and use sun.
>>
>> http://askubuntu.com/questions/56104/how-can-i-install-oracle-java-jre-7
>>
>>
>>
>> Apparently this is an ice tea issue..
>>
>>
>>
>>
>> -tim
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>
>
>
> --
> Ioan Eugen Stan / CTO / http://axemblr.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
Re: tis issues.
Posted by Ioan Eugen Stan <st...@gmail.com>.
Thanks for sharing Timothy! If I remember right this should become an
issue on JIRA / somewhere else.
Is there any other information that you could share on this so we can
best describe it for other people?
Thanks,
2012/7/9 Timothy Prepscius <ti...@gmail.com>:
> Okay, I just literally spent 10 hours on one bug.
>
>
>
> If, you do all your ssl certificate stuff, and you are getting nowhere with ssl actually working.
> you're getting some "no peer certificate" error…
> and no negotiation is occurring
>
>
> check to see if you are running IceTea java.
> if you are get rid of it, and use sun.
>
> http://askubuntu.com/questions/56104/how-can-i-install-oracle-java-jre-7
>
>
>
> Apparently this is an ice tea issue..
>
>
>
>
> -tim
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
--
Ioan Eugen Stan / CTO / http://axemblr.com
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org