You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by Francesca Milan <fr...@newvision.it> on 2007/11/08 12:01:18 UTC
SSL problem
Hi!
I have a little problem with SSL :-/
I've wrote this code to add a SSLFilter to a socketAcceptor's IoSession
but I've some handshake problem.
SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(true));
acceptor_session.getFilterChain().addLast("sslFilter", filter);
acceptor_session.getFilterChain().addLast("protocolFilter", new
ProtocolCodecFilter(this.codecFactory));
if (log.isDebugEnabled()) {
acceptor_session.getFilterChain().addLast("logger", new
LoggingFilter());
}
Have I done something wrong? ...I'm sure that the client doesn't
contains errors :-/
Thanks
Francesca
...sorry for my terrible english :-/
Re: SSL problem
Posted by Francesca Milan <fr...@newvision.it>.
Summarizing I'm trying to run the client and the server applications on
my host both but I obtain some strange certificates errors.
It will be a stupid problem because if I run a my old client server
application (functioning) in the same host (localhost) I obtain the same
error!
Thanks for your helpfulness! ;-)
Francesca Milan ha scritto:
> I've tryed my client and server applications with MINA 1.1.2 but I've
> the same errors :-/
>
> Trustin Lee ha scritto:
>> I guess we fixed this problem long long time ago. Why don't you
>> upgrade to 1.x?
>>
>> Trustin
>>
>> On Nov 9, 2007 1:30 AM, Francesca Milan
>> <fr...@newvision.it> wrote:
>>
>>> Francesca Milan ha scritto:
>>>
>>>
>>>> Niklas Therning ha scritto:
>>>>
>>>>> Francesca Milan wrote:
>>>>>
>>>>>
>>>>>> SSLContextFactory was this class
>>>>>> http://www.koders.com/java/fid8F948DB894E85F952BCCCB5B305BF92F0BE19DF6.aspx?s=bougus
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Niklas Therning ha scritto:
>>>>>>
>>>>>>
>>>>>>> Francesca Milan wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> <snip/>
>>>>>>>>
>>>>>>>> SSLFilter filter = new
>>>>>>>> SSLFilter(SSLContextFactory.getInstance(true));
>>>>>>>>
>>>>>>>>
>>>>>>> I'm not familiar with the SSLContextFactory class. Is that
>>>>>>> something
>>>>>>> you've developed yourself? What does getInstance() do?
>>>>>>>
>>>>>>> Make sure the SSLEngine you're using isn't set to client mode.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>> Hmmm, ok. And your client? Is it using MINA? Maybe your client
>>>>> doesn't
>>>>> trust the bogus certificate used by the server? What does the stack
>>>>> trace of the exception you get look like? Is the exception thrown
>>>>> on the
>>>>> client or server side? What MINA version are you using?
>>>>>
>>>>>
>>>>>
>>>> Hi ;-),
>>>>
>>>> my java client use Mina (version 0.9.4) and in the SocketConnector's
>>>> SessionCreated method I add sslFilter to the session:
>>>> ...
>>>> SSLFilter filter = new
>>>> SSLFilter(SSLContextFactory.getInstance(false));
>>>> filter.setUseClientMode(true);
>>>> session.getFilterChain().addFirst("sslFilter", filter);
>>>> ...
>>>> session.getFilterChain().addLast("protocolFilter", new
>>>> ProtocolCodecFilter(this.codecFactory));
>>>> ...
>>>>
>>>> I've tryed to change the adding filter order but I hadn't good
>>>> result :-/
>>>> I'm using Mina 0.9.4 for client and server both.
>>>> Here there's my stack trace.
>>>>
>>>> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
>>>> at
>>>> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
>>>>
>>>>
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
>>>>
>>>>
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
>>>>
>>>>
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain$2.messageReceived(AbstractIoFilterChain.java:110)
>>>>
>>>>
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)6172
>>>>
>>>> [Handler] ERROR Log - Handler exceptionCaught, è stata chiusa
>>>> forzatamente la sessione: Initial SSL handshake failed.
>>>>
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain.messageReceived(AbstractIoFilterChain.java:492)
>>>>
>>>>
>>>> at
>>>> org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:285)
>>>>
>>>>
>>>> at
>>>> org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
>>>>
>>>>
>>>> at
>>>> org.apache.mina.transport.socket.nio.SocketIoProcessor.access$4(SocketIoProcessor.java:234)
>>>>
>>>>
>>>> at
>>>> org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
>>>>
>>>>
>>>> Caused by: javax.net.ssl.SSLException: Received close_notify during
>>>> handshake
>>>> at
>>>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
>>>> at
>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
>>>>
>>>> at
>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
>>>>
>>>> at
>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1462)
>>>>
>>>>
>>>> at
>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
>>>>
>>>>
>>>> at
>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
>>>>
>>>>
>>>> at
>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)[DUBUG
>>>>
>>>> - Handler] Sessione chiusa
>>>>
>>> I've tryed to change some things and now in the SessionCreated
>>> method I do:
>>>
>>> if (mode==RTMP.MODE_CLIENT) {
>>>
>>> SSLFilter filter = new
>>> SSLFilter(SSLContextFactory.getInstance(false));
>>> filter.setUseClientMode(true);
>>> session.getFilterChain().addLast("sslFilter", filter);
>>> Log.info("Connector SSL ON");
>>>
>>> session.getFilterChain().addLast("protocolFilter",
>>> new ProtocolCodecFilter(codecFactory));
>>> } else{
>>>
>>> SSLFilter filter = new
>>> SSLFilter(SSLContextFactory.getInstance(true));
>>> filter.setUseClientMode(false);
>>> session.getFilterChain().addLast("sslFilter", filter);
>>> Log.info("Acceptor SSL ON");
>>>
>>> session.getFilterChain().addLast("protocolFilter",
>>> new ProtocolCodecFilter(codecFactory));
>>> }
>>>
>>> But now I have these exception (at server side):
>>>
>>> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
>>> at
>>> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
>>>
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
>>>
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
>>>
>>> at
>>> org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718)
>>>
>>> at
>>> org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475)953
>>>
>>> [Handler] ERROR Log - Handler exceptionCaught, è stata chiusa
>>> forzatamente la sessione: Initial SSL handshake failed.
>>>
>>> at
>>> org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429)
>>>
>>> Caused by: javax.net.ssl.SSLException: Received fatal alert:
>>> certificate_unknown
>>> at
>>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
>>>
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
>>>
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1486)
>>>
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
>>>
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
>>>
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
>>>
>>> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
>>> at
>>> org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:675)
>>>
>>> at
>>> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:492)
>>>
>>> at
>>> org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
>>>
>>> at
>>> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:396)
>>> ... 6 more
>>>
>>>
>>>
>>> And these (at client side):
>>>
>>> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
>>> at
>>> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
>>>
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
>>>
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
>>>
>>> at
>>> org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718)
>>>
>>> at
>>> org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475)
>>>
>>> at
>>> org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429)
>>>
>>> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine
>>> problem
>>> at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown
>>> Source)
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown
>>> Source)
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
>>> Source)
>>> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
>>> at javax.net.ssl.SSLEngine.wrap(Unknown Source)
>>> at
>>> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:518)
>>>
>>> at
>>> org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
>>>
>>> at
>>> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:396)
>>> ... 6 more
>>> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine
>>> problem
>>> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
>>> Source)
>>> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
>>> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>>> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>>> at
>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
>>> Source)
>>> at
>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
>>> Source)
>>> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
>>> Source)
>>> at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at
>>> com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown
>>> Source)
>>> at
>>> org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:745)
>>> at
>>> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:483)
>>>
>>> ... 8 more
>>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>> validation failed: java.security.cert.CertPathValidatorException:
>>> timestamp check failed
>>> at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
>>> at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
>>> at sun.security.validator.PKIXValidator.engineValidate(Unknown
>>> Source)
>>> at sun.security.validator.Validator.validate(Unknown Source)
>>> at
>>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
>>> Source)
>>> at
>>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
>>>
>>> Source)
>>> at
>>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
>>>
>>> Source)
>>> ... 16 more
>>> Caused by: java.security.cert.CertPathValidatorException: timestamp
>>> check failed
>>> at
>>> sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown
>>>
>>> Source)
>>> at
>>> sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown
>>> Source)
>>> at
>>> sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown
>>>
>>> Source)
>>> at java.security.cert.CertPathValidator.validate(Unknown Source)
>>> ... 23 more
>>> Caused by: java.security.cert.CertificateExpiredException: NotAfter:
>>> Sun
>>> Mar 11 00:59:59 CET 2007
>>> at sun.security.x509.CertificateValidity.valid(Unknown Source)
>>> at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
>>> at
>>> sun.security.provider.certpath.BasicChecker.verifyTimestamp(Unknown
>>> Source)
>>> at sun.security.provider.certpath.BasicChecker.check(Unknown
>>> Source)
>>> [DUBUG - Handler] Sessione chiusa
>>> ... 27 more
>>>
>>> Note that the certificate isn't expired and that I use the same
>>> certificate for server and client both. :-( :-( :-(
>>>
>>>
>>
>>
>>
>>
>
Re: SSL problem
Posted by Francesca Milan <fr...@newvision.it>.
I've tryed my client and server applications with MINA 1.1.2 but I've
the same errors :-/
Trustin Lee ha scritto:
> I guess we fixed this problem long long time ago. Why don't you upgrade to 1.x?
>
> Trustin
>
> On Nov 9, 2007 1:30 AM, Francesca Milan <fr...@newvision.it> wrote:
>
>> Francesca Milan ha scritto:
>>
>>
>>> Niklas Therning ha scritto:
>>>
>>>> Francesca Milan wrote:
>>>>
>>>>
>>>>> SSLContextFactory was this class
>>>>> http://www.koders.com/java/fid8F948DB894E85F952BCCCB5B305BF92F0BE19DF6.aspx?s=bougus
>>>>>
>>>>>
>>>>>
>>>>> Niklas Therning ha scritto:
>>>>>
>>>>>
>>>>>> Francesca Milan wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> <snip/>
>>>>>>>
>>>>>>> SSLFilter filter = new
>>>>>>> SSLFilter(SSLContextFactory.getInstance(true));
>>>>>>>
>>>>>>>
>>>>>> I'm not familiar with the SSLContextFactory class. Is that something
>>>>>> you've developed yourself? What does getInstance() do?
>>>>>>
>>>>>> Make sure the SSLEngine you're using isn't set to client mode.
>>>>>>
>>>>>>
>>>>>>
>>>> Hmmm, ok. And your client? Is it using MINA? Maybe your client doesn't
>>>> trust the bogus certificate used by the server? What does the stack
>>>> trace of the exception you get look like? Is the exception thrown on the
>>>> client or server side? What MINA version are you using?
>>>>
>>>>
>>>>
>>> Hi ;-),
>>>
>>> my java client use Mina (version 0.9.4) and in the SocketConnector's
>>> SessionCreated method I add sslFilter to the session:
>>> ...
>>> SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(false));
>>> filter.setUseClientMode(true);
>>> session.getFilterChain().addFirst("sslFilter", filter);
>>> ...
>>> session.getFilterChain().addLast("protocolFilter", new
>>> ProtocolCodecFilter(this.codecFactory));
>>> ...
>>>
>>> I've tryed to change the adding filter order but I hadn't good result :-/
>>> I'm using Mina 0.9.4 for client and server both.
>>> Here there's my stack trace.
>>>
>>> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
>>> at
>>> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
>>>
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
>>>
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
>>>
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain$2.messageReceived(AbstractIoFilterChain.java:110)
>>>
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)6172
>>> [Handler] ERROR Log - Handler exceptionCaught, è stata chiusa
>>> forzatamente la sessione: Initial SSL handshake failed.
>>>
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.messageReceived(AbstractIoFilterChain.java:492)
>>>
>>> at
>>> org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:285)
>>>
>>> at
>>> org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
>>>
>>> at
>>> org.apache.mina.transport.socket.nio.SocketIoProcessor.access$4(SocketIoProcessor.java:234)
>>>
>>> at
>>> org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
>>>
>>> Caused by: javax.net.ssl.SSLException: Received close_notify during
>>> handshake
>>> at
>>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1462)
>>>
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
>>>
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
>>>
>>> at
>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)[DUBUG
>>> - Handler] Sessione chiusa
>>>
>> I've tryed to change some things and now in the SessionCreated method I do:
>>
>> if (mode==RTMP.MODE_CLIENT) {
>>
>> SSLFilter filter = new
>> SSLFilter(SSLContextFactory.getInstance(false));
>> filter.setUseClientMode(true);
>> session.getFilterChain().addLast("sslFilter", filter);
>> Log.info("Connector SSL ON");
>>
>> session.getFilterChain().addLast("protocolFilter",
>> new ProtocolCodecFilter(codecFactory));
>> } else{
>>
>> SSLFilter filter = new
>> SSLFilter(SSLContextFactory.getInstance(true));
>> filter.setUseClientMode(false);
>> session.getFilterChain().addLast("sslFilter", filter);
>> Log.info("Acceptor SSL ON");
>>
>> session.getFilterChain().addLast("protocolFilter",
>> new ProtocolCodecFilter(codecFactory));
>> }
>>
>> But now I have these exception (at server side):
>>
>> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
>> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
>> at
>> org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718)
>> at
>> org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475)953
>> [Handler] ERROR Log - Handler exceptionCaught, è stata chiusa
>> forzatamente la sessione: Initial SSL handshake failed.
>>
>> at
>> org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429)
>> Caused by: javax.net.ssl.SSLException: Received fatal alert:
>> certificate_unknown
>> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
>> at
>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
>> at
>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
>> at
>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1486)
>> at
>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
>> at
>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
>> at
>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
>> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
>> at
>> org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:675)
>> at
>> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:492)
>> at
>> org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
>> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:396)
>> ... 6 more
>>
>>
>>
>> And these (at client side):
>>
>> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
>> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
>> at
>> org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718)
>> at
>> org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475)
>> at
>> org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429)
>> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>> at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
>> at
>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
>> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
>> Source)
>> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
>> at javax.net.ssl.SSLEngine.wrap(Unknown Source)
>> at
>> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:518)
>> at
>> org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
>> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:396)
>> ... 6 more
>> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
>> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>> at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
>> Source)
>> at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
>> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
>> at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown
>> Source)
>> at
>> org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:745)
>> at
>> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:483)
>> ... 8 more
>> Caused by: sun.security.validator.ValidatorException: PKIX path
>> validation failed: java.security.cert.CertPathValidatorException:
>> timestamp check failed
>> at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
>> at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
>> at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
>> at sun.security.validator.Validator.validate(Unknown Source)
>> at
>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
>> at
>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
>> Source)
>> at
>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
>> Source)
>> ... 16 more
>> Caused by: java.security.cert.CertPathValidatorException: timestamp
>> check failed
>> at
>> sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown
>> Source)
>> at
>> sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown
>> Source)
>> at
>> sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown
>> Source)
>> at java.security.cert.CertPathValidator.validate(Unknown Source)
>> ... 23 more
>> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sun
>> Mar 11 00:59:59 CET 2007
>> at sun.security.x509.CertificateValidity.valid(Unknown Source)
>> at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
>> at
>> sun.security.provider.certpath.BasicChecker.verifyTimestamp(Unknown Source)
>> at sun.security.provider.certpath.BasicChecker.check(Unknown Source)
>> [DUBUG - Handler] Sessione chiusa
>> ... 27 more
>>
>> Note that the certificate isn't expired and that I use the same
>> certificate for server and client both. :-( :-( :-(
>>
>>
>
>
>
>
Re: SSL problem
Posted by Trustin Lee <tr...@gmail.com>.
I guess we fixed this problem long long time ago. Why don't you upgrade to 1.x?
Trustin
On Nov 9, 2007 1:30 AM, Francesca Milan <fr...@newvision.it> wrote:
> Francesca Milan ha scritto:
>
> > Niklas Therning ha scritto:
> >> Francesca Milan wrote:
> >>
> >>> SSLContextFactory was this class
> >>> http://www.koders.com/java/fid8F948DB894E85F952BCCCB5B305BF92F0BE19DF6.aspx?s=bougus
> >>>
> >>>
> >>>
> >>> Niklas Therning ha scritto:
> >>>
> >>>> Francesca Milan wrote:
> >>>>
> >>>>
> >>>>> <snip/>
> >>>>>
> >>>>> SSLFilter filter = new
> >>>>> SSLFilter(SSLContextFactory.getInstance(true));
> >>>>>
> >>>> I'm not familiar with the SSLContextFactory class. Is that something
> >>>> you've developed yourself? What does getInstance() do?
> >>>>
> >>>> Make sure the SSLEngine you're using isn't set to client mode.
> >>>>
> >>>>
> >> Hmmm, ok. And your client? Is it using MINA? Maybe your client doesn't
> >> trust the bogus certificate used by the server? What does the stack
> >> trace of the exception you get look like? Is the exception thrown on the
> >> client or server side? What MINA version are you using?
> >>
> >>
> > Hi ;-),
> >
> > my java client use Mina (version 0.9.4) and in the SocketConnector's
> > SessionCreated method I add sslFilter to the session:
> > ...
> > SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(false));
> > filter.setUseClientMode(true);
> > session.getFilterChain().addFirst("sslFilter", filter);
> > ...
> > session.getFilterChain().addLast("protocolFilter", new
> > ProtocolCodecFilter(this.codecFactory));
> > ...
> >
> > I've tryed to change the adding filter order but I hadn't good result :-/
> > I'm using Mina 0.9.4 for client and server both.
> > Here there's my stack trace.
> >
> > javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
> > at
> > org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
> > at
> > org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
> >
> > at
> > org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
> >
> > at
> > org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
> >
> > at
> > org.apache.mina.common.support.AbstractIoFilterChain$2.messageReceived(AbstractIoFilterChain.java:110)
> >
> > at
> > org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)6172
> > [Handler] ERROR Log - Handler exceptionCaught, è stata chiusa
> > forzatamente la sessione: Initial SSL handshake failed.
> >
> > at
> > org.apache.mina.common.support.AbstractIoFilterChain.messageReceived(AbstractIoFilterChain.java:492)
> >
> > at
> > org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:285)
> >
> > at
> > org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
> >
> > at
> > org.apache.mina.transport.socket.nio.SocketIoProcessor.access$4(SocketIoProcessor.java:234)
> >
> > at
> > org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
> >
> > Caused by: javax.net.ssl.SSLException: Received close_notify during
> > handshake
> > at
> > com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
> > at
> > com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
> > at
> > com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
> > at
> > com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1462)
> >
> > at
> > com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
> >
> > at
> > com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
> >
> > at
> > com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)[DUBUG
> > - Handler] Sessione chiusa
> I've tryed to change some things and now in the SessionCreated method I do:
>
> if (mode==RTMP.MODE_CLIENT) {
>
> SSLFilter filter = new
> SSLFilter(SSLContextFactory.getInstance(false));
> filter.setUseClientMode(true);
> session.getFilterChain().addLast("sslFilter", filter);
> Log.info("Connector SSL ON");
>
> session.getFilterChain().addLast("protocolFilter",
> new ProtocolCodecFilter(codecFactory));
> } else{
>
> SSLFilter filter = new
> SSLFilter(SSLContextFactory.getInstance(true));
> filter.setUseClientMode(false);
> session.getFilterChain().addLast("sslFilter", filter);
> Log.info("Acceptor SSL ON");
>
> session.getFilterChain().addLast("protocolFilter",
> new ProtocolCodecFilter(codecFactory));
> }
>
> But now I have these exception (at server side):
>
> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
> at
> org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718)
> at
> org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475)953
> [Handler] ERROR Log - Handler exceptionCaught, è stata chiusa
> forzatamente la sessione: Initial SSL handshake failed.
>
> at
> org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429)
> Caused by: javax.net.ssl.SSLException: Received fatal alert:
> certificate_unknown
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1486)
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
> at
> org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:675)
> at
> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:492)
> at
> org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:396)
> ... 6 more
>
>
>
> And these (at client side):
>
> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
> at
> org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718)
> at
> org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475)
> at
> org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
> Source)
> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
> at javax.net.ssl.SSLEngine.wrap(Unknown Source)
> at
> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:518)
> at
> org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
> at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:396)
> ... 6 more
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown
> Source)
> at
> org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:745)
> at
> org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:483)
> ... 8 more
> Caused by: sun.security.validator.ValidatorException: PKIX path
> validation failed: java.security.cert.CertPathValidatorException:
> timestamp check failed
> at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
> at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
> at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
> ... 16 more
> Caused by: java.security.cert.CertPathValidatorException: timestamp
> check failed
> at
> sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown
> Source)
> at
> sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown
> Source)
> at
> sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown
> Source)
> at java.security.cert.CertPathValidator.validate(Unknown Source)
> ... 23 more
> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sun
> Mar 11 00:59:59 CET 2007
> at sun.security.x509.CertificateValidity.valid(Unknown Source)
> at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
> at
> sun.security.provider.certpath.BasicChecker.verifyTimestamp(Unknown Source)
> at sun.security.provider.certpath.BasicChecker.check(Unknown Source)
> [DUBUG - Handler] Sessione chiusa
> ... 27 more
>
> Note that the certificate isn't expired and that I use the same
> certificate for server and client both. :-( :-( :-(
>
--
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP Key ID: 0x0255ECA6
Re: SSL problem
Posted by Francesca Milan <fr...@newvision.it>.
Francesca Milan ha scritto:
> Niklas Therning ha scritto:
>> Francesca Milan wrote:
>>
>>> SSLContextFactory was this class
>>> http://www.koders.com/java/fid8F948DB894E85F952BCCCB5B305BF92F0BE19DF6.aspx?s=bougus
>>>
>>>
>>>
>>> Niklas Therning ha scritto:
>>>
>>>> Francesca Milan wrote:
>>>>
>>>>
>>>>> <snip/>
>>>>>
>>>>> SSLFilter filter = new
>>>>> SSLFilter(SSLContextFactory.getInstance(true));
>>>>>
>>>> I'm not familiar with the SSLContextFactory class. Is that something
>>>> you've developed yourself? What does getInstance() do?
>>>>
>>>> Make sure the SSLEngine you're using isn't set to client mode.
>>>>
>>>>
>> Hmmm, ok. And your client? Is it using MINA? Maybe your client doesn't
>> trust the bogus certificate used by the server? What does the stack
>> trace of the exception you get look like? Is the exception thrown on the
>> client or server side? What MINA version are you using?
>>
>>
> Hi ;-),
>
> my java client use Mina (version 0.9.4) and in the SocketConnector's
> SessionCreated method I add sslFilter to the session:
> ...
> SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(false));
> filter.setUseClientMode(true);
> session.getFilterChain().addFirst("sslFilter", filter);
> ...
> session.getFilterChain().addLast("protocolFilter", new
> ProtocolCodecFilter(this.codecFactory));
> ...
>
> I've tryed to change the adding filter order but I hadn't good result :-/
> I'm using Mina 0.9.4 for client and server both.
> Here there's my stack trace.
>
> javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
> at
> org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
>
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
>
> at
> org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
>
> at
> org.apache.mina.common.support.AbstractIoFilterChain$2.messageReceived(AbstractIoFilterChain.java:110)
>
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)6172
> [Handler] ERROR Log - Handler exceptionCaught, è stata chiusa
> forzatamente la sessione: Initial SSL handshake failed.
>
> at
> org.apache.mina.common.support.AbstractIoFilterChain.messageReceived(AbstractIoFilterChain.java:492)
>
> at
> org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:285)
>
> at
> org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
>
> at
> org.apache.mina.transport.socket.nio.SocketIoProcessor.access$4(SocketIoProcessor.java:234)
>
> at
> org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
>
> Caused by: javax.net.ssl.SSLException: Received close_notify during
> handshake
> at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1462)
>
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
>
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
>
> at
> com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)[DUBUG
> - Handler] Sessione chiusa
I've tryed to change some things and now in the SessionCreated method I do:
if (mode==RTMP.MODE_CLIENT) {
SSLFilter filter = new
SSLFilter(SSLContextFactory.getInstance(false));
filter.setUseClientMode(true);
session.getFilterChain().addLast("sslFilter", filter);
Log.info("Connector SSL ON");
session.getFilterChain().addLast("protocolFilter",
new ProtocolCodecFilter(codecFactory));
} else{
SSLFilter filter = new
SSLFilter(SSLContextFactory.getInstance(true));
filter.setUseClientMode(false);
session.getFilterChain().addLast("sslFilter", filter);
Log.info("Acceptor SSL ON");
session.getFilterChain().addLast("protocolFilter",
new ProtocolCodecFilter(codecFactory));
}
But now I have these exception (at server side):
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
at
org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
at
org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718)
at
org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475)953
[Handler] ERROR Log - Handler exceptionCaught, è stata chiusa
forzatamente la sessione: Initial SSL handshake failed.
at
org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429)
Caused by: javax.net.ssl.SSLException: Received fatal alert:
certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1486)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
at
org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:675)
at
org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:492)
at
org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:396)
... 6 more
And these (at client side):
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
at
org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
at
org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718)
at
org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475)
at
org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
at javax.net.ssl.SSLEngine.wrap(Unknown Source)
at
org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:518)
at
org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:396)
... 6 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown
Source)
at
org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:745)
at
org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:483)
... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path
validation failed: java.security.cert.CertPathValidatorException:
timestamp check failed
at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 16 more
Caused by: java.security.cert.CertPathValidatorException: timestamp
check failed
at
sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown
Source)
at
sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown
Source)
at
sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown
Source)
at java.security.cert.CertPathValidator.validate(Unknown Source)
... 23 more
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sun
Mar 11 00:59:59 CET 2007
at sun.security.x509.CertificateValidity.valid(Unknown Source)
at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
at
sun.security.provider.certpath.BasicChecker.verifyTimestamp(Unknown Source)
at sun.security.provider.certpath.BasicChecker.check(Unknown Source)
[DUBUG - Handler] Sessione chiusa
... 27 more
Note that the certificate isn't expired and that I use the same
certificate for server and client both. :-( :-( :-(
Re: SSL problem
Posted by Francesca Milan <fr...@newvision.it>.
Niklas Therning ha scritto:
> Francesca Milan wrote:
>
>> SSLContextFactory was this class
>> http://www.koders.com/java/fid8F948DB894E85F952BCCCB5B305BF92F0BE19DF6.aspx?s=bougus
>>
>>
>> Niklas Therning ha scritto:
>>
>>> Francesca Milan wrote:
>>>
>>>
>>>> <snip/>
>>>>
>>>> SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(true));
>>>>
>>>>
>>> I'm not familiar with the SSLContextFactory class. Is that something
>>> you've developed yourself? What does getInstance() do?
>>>
>>> Make sure the SSLEngine you're using isn't set to client mode.
>>>
>>>
>>>
> Hmmm, ok. And your client? Is it using MINA? Maybe your client doesn't
> trust the bogus certificate used by the server? What does the stack
> trace of the exception you get look like? Is the exception thrown on the
> client or server side? What MINA version are you using?
>
>
Hi ;-),
my java client use Mina (version 0.9.4) and in the SocketConnector's
SessionCreated method I add sslFilter to the session:
...
SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(false));
filter.setUseClientMode(true);
session.getFilterChain().addFirst("sslFilter", filter);
...
session.getFilterChain().addLast("protocolFilter", new
ProtocolCodecFilter(this.codecFactory));
...
I've tryed to change the adding filter order but I hadn't good result :-/
I'm using Mina 0.9.4 for client and server both.
Here there's my stack trace.
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
at
org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
at
org.apache.mina.common.support.AbstractIoFilterChain$2.messageReceived(AbstractIoFilterChain.java:110)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)6172
[Handler] ERROR Log - Handler exceptionCaught, è stata chiusa
forzatamente la sessione: Initial SSL handshake failed.
at
org.apache.mina.common.support.AbstractIoFilterChain.messageReceived(AbstractIoFilterChain.java:492)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:285)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.access$4(SocketIoProcessor.java:234)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
Caused by: javax.net.ssl.SSLException: Received close_notify during
handshake
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1462)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)[DUBUG
- Handler] Sessione chiusa
Re: SSL problem
Posted by Niklas Therning <ni...@trillian.se>.
Francesca Milan wrote:
> SSLContextFactory was this class
> http://www.koders.com/java/fid8F948DB894E85F952BCCCB5B305BF92F0BE19DF6.aspx?s=bougus
>
>
> Niklas Therning ha scritto:
>> Francesca Milan wrote:
>>
>>> <snip/>
>>>
>>> SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(true));
>>>
>> I'm not familiar with the SSLContextFactory class. Is that something
>> you've developed yourself? What does getInstance() do?
>>
>> Make sure the SSLEngine you're using isn't set to client mode.
>>
>>
>
Hmmm, ok. And your client? Is it using MINA? Maybe your client doesn't
trust the bogus certificate used by the server? What does the stack
trace of the exception you get look like? Is the exception thrown on the
client or server side? What MINA version are you using?
--
Niklas Therning
www.spamdrain.net
Re: SSL problem
Posted by Francesca Milan <fr...@newvision.it>.
SSLContextFactory was this class
http://www.koders.com/java/fid8F948DB894E85F952BCCCB5B305BF92F0BE19DF6.aspx?s=bougus
Niklas Therning ha scritto:
> Francesca Milan wrote:
>
>> <snip/>
>>
>> SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(true));
>>
> I'm not familiar with the SSLContextFactory class. Is that something
> you've developed yourself? What does getInstance() do?
>
> Make sure the SSLEngine you're using isn't set to client mode.
>
>
Re: SSL problem
Posted by Niklas Therning <ni...@trillian.se>.
Francesca Milan wrote:
> <snip/>
>
> SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(true));
I'm not familiar with the SSLContextFactory class. Is that something
you've developed yourself? What does getInstance() do?
Make sure the SSLEngine you're using isn't set to client mode.
--
Niklas Therning
www.spamdrain.net