Posted to java-dev@axis.apache.org by "Mooney, Daniel" <Da...@ca.com> on 2007/09/24 11:42:05 UTC
Failure in SSL handshake
Morning all,
I am having a bit of a problem with the windows axis2/c client
communicating with an SSL enabled Server.
The server must be set up correctly because if I connect to the server
using IE or Openssl.exe, there is no problem.
OpenSSL version shows I am running OpenSSL 0.9.7d which was downloaded
from the Openssl web site.
Certificates have been properly generated and set in place.
When I use the Browser, IE - 6.0.2900 that runs with a cipher strength
of 128-bit: I am able to connect and run a service.
https://remotehost:443/axis2/services/listServices
the browser connects to the server and retrieves the list of services
with the appropriate descriptions.
Running server/SSL traces shows the SSL handshake all looks fine.
Next running the "Openssl s_client -connect remotehost:443" shows the
SSL handshake working.
The certificate is passed from the Server to the Openssl.exe and all
looks fine.
I added the ENABLE_SSL=1, set the OPENSSL_BIN_DIR to the correct
directory and built the axis2c from the axis2c-src-1.1.0 source,
and made the following changes to axis2.xml:
<transportSender name="https" class="axis2_http_sender">
    <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
    <parameter name="SERVER_CERT">c:\axis2c-src-1.1.0\SSLcertificates\servcert.txt</parameter>
</transportSender>
The problem occurs when running the axis2/c client samples.
"http://remotehost:80/axis2/services/hello -auth UserID Password" works
fine.
However, https://remotehost:443/axis2/services/hello -auth UserID
Password immediately fails.
Server tracing shows:
"SSL server handshake failed: return code -22 (GSK_ERROR_SOCKET_CLOSED:
The secure session ended)"
SSL tracing on the server side shows:
INFO gsk_secure_socket_init(): SSL V2 cipher specs: 764321
INFO gsk_secure_socket_init(): No SSL V3 cipher specs
INFO default_setsocketoptions(): TCP_NODELAY set for socket 14
INFO gsk_perform_v2_server_handshake(): Performing SSL V2 server handshake with "client_IP_address [port number]"
INFO gsk_read_v2_record(): Calling read routine
ERROR gsk_read_v2_record(): Socket closed by "client_IP_address [port number]"
ERROR gsk_secure_socket_init(): SSL V2 server handshake failed with client_IP_address [port number]".
ERROR default_setsocketoptions():setsockopt(TCP_NODELAY) failed for socket 14: 121 - EDC5121I Invalid argument.
ERROR gsk_secure_socket_init(): Default callback failed to restore socket options
EDC5121I Invalid argument.
EXIT gsk_secure_socket_init(): <--- Exit status 0x000001a4 (420)
ENTRY gsk_secure_socket_close(): ---> Handle 1094F4F0
EXIT gsk_secure_socket_close(): <--- Exit status 0x00000000 (0)
EXIT gsk_secure_soc_init(): <--- Exit status 0xffffffea (-22) Handle 00000000
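
Added example, not part of the original post and not code from Axis2/C or the server's SSL library: a small Python triage of the server-side trace quoted above. It extracts the handshake protocol version, which cipher specs the server reported, and the non-zero exit statuses (reading the hex value as signed 32-bit). The line layout is inferred from the post, and the names summarize, signed32 and TRACE are hypothetical.

```python
import re

# Constructed input: lines taken from the trace in the post, unwrapped.
TRACE = """\
INFO gsk_secure_socket_init(): SSL V2 cipher specs: 764321
INFO gsk_secure_socket_init(): No SSL V3 cipher specs
INFO gsk_perform_v2_server_handshake(): Performing SSL V2 server handshake with "client_IP_address [port number]"
ERROR gsk_read_v2_record(): Socket closed by "client_IP_address [port number]"
EXIT gsk_secure_socket_init(): <--- Exit status 0x000001a4 (420)
EXIT gsk_secure_socket_close(): <--- Exit status 0x00000000 (0)
EXIT gsk_secure_soc_init(): <--- Exit status 0xffffffea (-22) Handle 00000000
"""

# Assumed layout, inferred from the post: LEVEL function(): message
LINE = re.compile(r"^(INFO|ERROR|ENTRY|EXIT)\s+(\w+)\(\):\s*(.*)$")
SPECS = re.compile(r"^SSL (V\d) cipher specs: (\S+)")
NO_SPECS = re.compile(r"^No SSL (V\d) cipher specs")
HANDSHAKE = re.compile(r"^Performing SSL (V\d) server handshake")
EXIT = re.compile(r"Exit status 0x([0-9a-fA-F]{8}) \((-?\d+)\)")

def signed32(hex8):  # 8 hex digits -> signed 32-bit integer
    value = int(hex8, 16)
    return value - (1 << 32) if value & 0x80000000 else value

def summarize(trace):
    """Collect protocol, cipher-spec and exit-status facts; flag V2-only."""
    out = {"specs": {}, "no_specs": [], "handshake": None,
           "errors": [], "failed": {}, "v2_only": False}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        level, func, msg = m.groups()
        if level == "ERROR":
            out["errors"].append((func, msg))
        if s := SPECS.match(msg):
            out["specs"][s.group(1)] = s.group(2)
        elif n := NO_SPECS.match(msg):
            out["no_specs"].append(n.group(1))
        elif h := HANDSHAKE.match(msg):
            out["handshake"] = h.group(1)
        elif level == "EXIT" and (e := EXIT.search(msg)):
            status = signed32(e.group(1))
            if status != int(e.group(2)):
                raise ValueError(f"hex/decimal mismatch in: {raw}")
            if status != 0:
                out["failed"][func] = status
    out["v2_only"] = "V2" in out["specs"] and "V3" in out["no_specs"]
    return out
```

Calling summarize(TRACE) returns a dictionary; the v2_only flag is set when the trace reports SSL V2 cipher specs and no SSL V3 cipher specs on the server side.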