Posted to user@turbine.apache.org by David Bolshoy <da...@zootec.com> on 2003/09/07 18:45:31 UTC

Please help! stuck with SSL problems

Hi all,

I seem to be stuck with a strange SSL problem. I am trying to open a client SSL connection from inside Turbine service.
I get the following error:
java.net.SocketException: Default SSL context init failed: null

The code is very simple:
  URL url = new URL("https://www.verisign.com");
  URLConnection connection = url.openConnection();

This code works perfectly in a standalone sample app. I am running Blackdown JDK 1.4.1 (on RH 8), so JSSE is already inside my classpath.
What is also strange, when I add -Djavax.net.debug=all, no debug output is ever seen! It seems like a classpath problem, but I am really not sure I have some other SSL implementation.

Any ideas are most welcome.

Thanx!

David

Important: Solved: Please help! stuck with SSL problems

Posted by David Bolshoy <da...@zootec.com>.
Hi,

After a couple of very nervous days, I stumbled upon this article:
http://www.discursive.com/articles/2002/06/tomcat_ssl.html

Apparently, Tomcat uses the deprecated JSSE 1.0.2 API (com.sun.net.ssl package)
and overrides the newer implementation (javax.net.ssl).
It forces ${user.home}/.keystore as the default keystore file and not cacerts.
It means if you want to open a client SSL connection from inside Tomcat,
do your own inits first (or use URLStreamHandler instead):

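import java.io.FileInputStream;
import java.security.KeyStore;
import com.sun.net.ssl.*; // yup, use your grandmother's api

      String keystorePass = "xxxxx";
      String keystoreFile = "xxxxx";
      // Load the keystore that holds the CA certificates to trust
      KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
      FileInputStream in = new FileInputStream(keystoreFile);
      try {
          keyStore.load(in, keystorePass.toCharArray());
      } finally {
          in.close();
      }
      // Build trust managers from that keystore
      TrustManagerFactory tmFactory =
          TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmFactory.init(keyStore);
      // No client keys (first null), default SecureRandom (last null)
      SSLContext ctx = SSLContext.getInstance("TLS");
      ctx.init(null, tmFactory.getTrustManagers(), null);
      // Make this context the default for all HTTPS URL connections
      HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());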

Hope it will save some time for those stuck with this problem.

Cheers,

David


----- Original Message ----- 
From: "Eric Emminger" <er...@ericemminger.com>
To: "Turbine Users List" <tu...@jakarta.apache.org>;
<da...@zootec.com>
Sent: Tuesday, September 09, 2003 8:55 PM
Subject: Re: Please help! stuck with SSL problems


> David
>
> David Bolshoy wrote:
> > Hi all,
> >
> > I seem to be stuck with a strange SSL problem. I am trying to open a client SSL connection from inside Turbine service.
> > I get the following error:
> > java.net.SocketException: Default SSL context init failed: null
> >
> > The code is very simple:
> >   URL url = new URL("https://www.verisign.com");
> >   URLConnection connection = url.openConnection();
>
> Are you sure https (note the 's') can be used with URLConnection?
>
> > This code works perfectly in a standalone sample app. I am running Blackdown JDK 1.4.1 (on RH 8), so JSSE is already inside my classpath.
> > What is also strange, when I add -Djavax.net.debug=all, no debug output is ever seen! It seems like a classpath problem, but I am really not sure I have some other SSL implementation.
>
> Is the sample app also a servlet, or something else? Maybe Tomcat is
> blocking with Catalina permissions.
>
> Eric
>
>
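
Added example (not part of the original post, and not Tomcat or Turbine code): the same trust setup written against the current javax.net.ssl API, applied to one connection instead of replacing the JVM-wide default socket factory. The class name, the cacerts path under java.home and the stock "changeit" password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrustExample {

    // Build an SSLContext that trusts only the CAs in the given truststore.
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
        if (trustStore.size() == 0) {
            // An empty store makes every handshake fail with an opaque error.
            throw new IllegalStateException("no trusted certificates in " + trustStorePath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the JRE's bundled CA store with its stock password.
        String cacerts = System.getProperty("java.home") + "/lib/security/cacerts";
        SSLContext ctx = contextFor(cacerts, "changeit".toCharArray());
        System.out.println("trust context ready: " + ctx.getProtocol());

        if (args.length == 1) { // optional argument: an https:// URL to fetch
            HttpsURLConnection conn =
                    (HttpsURLConnection) new URL(args[0]).openConnection();
            // Scope the trust settings to this connection only; the JVM default
            // and the default hostname verifier stay untouched.
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            conn.setConnectTimeout(10000);
            conn.setReadTimeout(10000);
            System.out.println("HTTP " + conn.getResponseCode()
                    + " via " + conn.getCipherSuite());
            conn.disconnect();
        }
    }
}
```

Setting the factory per connection keeps other code in the same container from inheriting this truststore, which a call to setDefaultSSLSocketFactory would do.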


Re: Please help! stuck with SSL problems

Posted by Eric Emminger <er...@ericemminger.com>.
David

> https can be used with URLConnection in java 2. As I already mentioned, the
> same lines put in a sample app work fine.

ok

> The sample app is not a servlet - I also think that the problem is somewhere
> in Tomcat, though I am not running it with a security manager, so it should
> not block anything as far as I understand.

Security manager is different. See if your <tomcat>/conf/catalina.policy 
is blocking it.

> I think it's about the classloading, but I am not sure. Is there any way I
> can log the classloading process?

I don't know that.

Eric


Re: Please help! stuck with SSL problems

Posted by David Bolshoy <da...@zootec.com>.
Hello Eric,

Thanx for your help.

https can be used with URLConnection in Java 2. As I already mentioned, the
same lines put in a sample app work fine.
The sample app is not a servlet - I also think that the problem is somewhere
in Tomcat, though I am not running it with a security manager, so it should
not block anything as far as I understand.
I think it's about the classloading, but I am not sure. Is there any way I
can log the classloading process?

Thanx,

David



Re: Please help! stuck with SSL problems

Posted by Eric Emminger <er...@ericemminger.com>.
David

David Bolshoy wrote:
> Hi all,
> 
> I seem to be stuck with a strange SSL problem. I am trying to open a client SSL connection from inside Turbine service.
> I get the following error:
> java.net.SocketException: Default SSL context init failed: null
> 
> The code is very simple:
>   URL url = new URL("https://www.verisign.com");
>   URLConnection connection = url.openConnection();

Are you sure https (note the 's') can be used with URLConnection?

> This code works perfectly in a standalone sample app. I am running Blackdown JDK 1.4.1 (on RH 8), so JSSE is already inside my classpath.
> What is also strange, when I add -Djavax.net.debug=all, no debug output is ever seen! It seems like a classpath problem, but I am really not sure I have some other SSL implementation.

Is the sample app also a servlet, or something else? Maybe Tomcat is 
blocking with Catalina permissions.

Eric