camel-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Claus Ibsen (JIRA)" <>
Subject [jira] [Updated] (CAMEL-8946) Original SSLHandshakeException was overridden by Camel Netty Http producer
Date Fri, 17 Jul 2015 07:36:04 GMT


Claus Ibsen updated CAMEL-8946:
    Fix Version/s: 2.16.0

> Original SSLHandshakeException was overridden by Camel Netty Http producer
> --------------------------------------------------------------------------
>                 Key: CAMEL-8946
>                 URL:
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-netty, camel-netty-http
>    Affects Versions: 2.12.5
>            Reporter: Joe Qiang Luo
>             Fix For: 2.16.0
>         Attachments:, client-keystore.jks, client-truststore.jks,
patch.txt, server-keystore.jks, server-truststore.jks
> I am having difficulties to troubleshoot some of the SSL failures when my application
attempts to connect to back ends. I am not able to understand by looking at the logs what
is making the connection to fail.
> When inspecting the behavior of 'camel-netty-http' for a particular use case where no
trusted certificates are available, I realize that Netty is throwing an SSLHandshakeException,
but then it gets lost and a ClosedChannelExcetpion is thrown back instead.
> While DEBUG and WARN level messages give indication about the real source of the problem,
the final ERROR level message looses the error context. This is problematic when I run the
system in ERROR level, and when I see failures I can't determine the reasons.
> The sequence of logs is as follows:
> 1) first a DEBUG trace:
> DEBUG Closing channel as an exception was thrown from Netty
> General SSLEngine problem
> ... Caused by: General SSLEngine problem
> ... Caused by: No trusted certificate found
> 2) then a WARN trace:
> WARN  HttpServerChannelHandler is not found as attachment to handle exception, send 404
back to the client.
> Received fatal alert: certificate_unknown
> 3) and an ERROR trace:
> ERROR Failed delivery for...
> ... java.nio.channels.ClosedChannelException
> 	at org.jboss.netty.handler.ssl.SslHandler$
> I have made a simple fix on class since NettyHttpProducer class is
inherited from it.
> I'll also attach a junit test
> org/apache/camel/component/netty/http/
> that reproduces the situation as well as a patch (patch.txt) to this JIRA.
> Note, the junit test requires some keystore files so you will need to copy over following
four files:
> camel-cxf/src/test/resources/wssecurity/keystore/client-keystore.jks
> camel-cxf/src/test/resources/wssecurity/keystore/client-truststore.jks
> camel-cxf/src/test/resources/wssecurity/keystore/server-keystore.jks
> camel-cxf/src/test/resources/wssecurity/keystore/server-truststore.jks
> over to camel-netty-http/src/test/resources/jsse/ folder in order to get the junit test
to work.

This message was sent by Atlassian JIRA

View raw message