Posted to java-dev@axis.apache.org by "Mooney, Daniel" <Da...@ca.com> on 2007/09/24 11:42:05 UTC

Failure in SSL handshake

Morning all,

I am having a bit of a problem with the Windows Axis2/C client
communicating with an SSL-enabled server.

The server must be set up correctly because if I connect to the server
using IE or openssl.exe, there is no problem.

OpenSSL version shows I am running OpenSSL 0.9.7d, which was downloaded
from the OpenSSL web site.

Certificates have been properly generated and set in place.

When I use the browser, IE 6.0.2900, which runs with a cipher strength
of 128-bit, I am able to connect and run a service.

https://remotehost:443/axis2/services/listServices

The browser connects to the server and retrieves the list of services
with the appropriate descriptions.

Running server/SSL traces shows the SSL handshake all looks fine.

Next, running "openssl s_client -connect remotehost:443" shows the
SSL handshake working.

The certificate is passed from the server to openssl.exe and all
looks fine.

I added ENABLE_SSL=1, set OPENSSL_BIN_DIR to the correct directory and
built axis2c from the axis2c-src-1.1.0 source, and made the following
changes to axis2.xml:

    <transportSender name="https" class="axis2_http_sender">
        <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
        <parameter name="SERVER_CERT">c:\axis2c-src-1.1.0\SSLcertificates\servcert.txt</parameter>
    </transportSender>

The problem occurs when running the axis2/c client samples.

"http://remotehost:80/axis2/services/hello -auth UserID Password" works
fine.

However, "https://remotehost:443/axis2/services/hello -auth UserID
Password" immediately fails.

Server tracing shows:

"SSL server handshake failed: return code -22 (GSK_ERROR_SOCKET_CLOSED:
The secure session ended)"

SSL tracing on the server side shows:

INFO gsk_secure_socket_init(): SSL V2 cipher specs: 764321
INFO gsk_secure_socket_init(): No SSL V3 cipher specs
INFO default_setsocketoptions(): TCP_NODELAY set for socket 14
INFO gsk_perform_v2_server_handshake(): Performing SSL V2 server handshake with "client_IP_address [port number]"
INFO gsk_read_v2_record(): Calling read routine
ERROR gsk_read_v2_record(): Socket closed by "client_IP_address [port number]"
ERROR gsk_secure_socket_init(): SSL V2 server handshake failed with client_IP_address [port number]".
ERROR default_setsocketoptions():setsockopt(TCP_NODELAY) failed for socket 14: 121 - EDC5121I Invalid argument.
ERROR gsk_secure_socket_init(): Default callback failed to restore socket options
EDC5121I Invalid argument.
EXIT gsk_secure_socket_init(): <--- Exit status 0x000001a4 (420)
ENTRY gsk_secure_socket_close(): ---> Handle 1094F4F0
EXIT gsk_secure_socket_close(): <--- Exit status 0x00000000 (0)
EXIT gsk_secure_soc_init(): <--- Exit status 0xffffffea (-22) Handle 00000000
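
A small reader for the server-side trace above, added here as an example and not part of the original post: it extracts the cipher specs the server listed per protocol version, the handshake version it attempted, the ERROR records, and the exit statuses decoded as signed 32-bit values. The function and field names are this example's own (assumptions); the sample lines are a subset of the trace in the post, with wrapped lines joined.

```python
import re

# Subset of the server-side trace from the post (wrapped lines joined).
TRACE = """\
INFO gsk_secure_socket_init(): SSL V2 cipher specs: 764321
INFO gsk_secure_socket_init(): No SSL V3 cipher specs
INFO gsk_perform_v2_server_handshake(): Performing SSL V2 server handshake with "client_IP_address [port number]"
ERROR gsk_read_v2_record(): Socket closed by "client_IP_address [port number]"
EXIT gsk_secure_socket_init(): <--- Exit status 0x000001a4 (420)
EXIT gsk_secure_socket_close(): <--- Exit status 0x00000000 (0)
EXIT gsk_secure_soc_init(): <--- Exit status 0xffffffea (-22) Handle 00000000
"""

LINE = re.compile(r"^(INFO|ERROR|ENTRY|EXIT)\s+(\w+)\(\):\s*(.*)$")
SPECS = re.compile(r"SSL (V\d) cipher specs: (\S+)")
NO_SPECS = re.compile(r"No SSL (V\d) cipher specs")
HANDSHAKE = re.compile(r"Performing SSL (V\d) server handshake")
EXIT = re.compile(r"Exit status 0x([0-9a-fA-F]{8})")

def signed32(hex_word):
    """Decode a 32-bit hex word as a signed integer (0xffffffea -> -22)."""
    value = int(hex_word, 16)
    return value - (1 << 32) if value & 0x80000000 else value

def summarize(trace):
    summary = {"cipher_specs": {}, "handshake": None, "errors": [], "exits": []}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # continuation text such as a bare "EDC5121I ..." line
        level, func, msg = m.groups()
        if (s := SPECS.search(msg)):
            summary["cipher_specs"][s.group(1)] = s.group(2)
        elif (s := NO_SPECS.search(msg)):
            summary["cipher_specs"][s.group(1)] = None
        elif (s := HANDSHAKE.search(msg)):
            summary["handshake"] = s.group(1)
        elif (s := EXIT.search(msg)):
            summary["exits"].append((func, signed32(s.group(1))))
        if level == "ERROR":
            summary["errors"].append((func, msg))
    specs = summary["cipher_specs"]
    # True when the trace lists SSL V2 specs and explicitly reports none for SSL V3.
    summary["v2_only"] = bool(specs.get("V2")) and "V3" in specs and specs["V3"] is None
    return summary

if __name__ == "__main__":
    for key, value in summarize(TRACE).items():
        print(key, "=", value)
```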