cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arundel, Donal" <donal.arun...@iona.com>
Subject RE: client SSL question
Date Thu, 21 Feb 2008 14:51:04 GMT
Yup, if you can't ping wjcp7meduat1.medpoint.com  (the hostname part of
the URL) then nothing will work.
This has nothing to do with CXF or SSL per-se, just your systems TCP and
DNS setup, or even an incorrect URL.

The hostname has to be resolvable to an IP address, 
e.g. an nslookup on NT should return the ip address.

If you do actually know the I/P address and your problem is just just a
DNS lookup issue then just  replace the symbolic hostname with the
actual I/P address in the SOAP address location URL below.
e.g. www.iona.com would be changed to, where  10.70.2.23 is the result
of an nslookup of www.iona.com.

http://10.70.2.23/

Then perhaps seek assistance from either your local network admin about
the DNS issue.

Cheers,
    Donal

-----Original Message-----
From: yulinxp [mailto:yulinxp@gmail.com] 
Sent: 21 February 2008 14:14
To: cxf-user@incubator.apache.org
Subject: RE: client SSL question


<soap:address
location="https://wjcp7meduat1.medpoint.com/mdfwebservices/hprequest.asm
x"/> 
<soap:address> is the entry point, right? But I can't even ping
wjcp7meduat1.medpoint.com.
Should I be able to ping it cmd?




Arundel, Donal wrote:
> 
> 
> You are getting an unknown host exception in the second case..
> 
> e.g A name lookup (DNS) issue.
> 
> This error would occur at the vanila socket layer,
> and wouldn't really be anything to do with SSL specifically.
> 
> Maybe try the direct ip address temporarily until you resolve the
lookup
> issue?
> 
> The first error in your mail occurred at the TLS level after
> connectivity at the TCP layer was achieved.
> That's why the errors are different.
> "No trusted certificates found" error is presumably what you were
> expecting since you disabled the setting of your key and trust
managers.
> 
> Cheers,
>     Donal
> 
> 
> 
> java.net.UnknownHostException: wjcp7meduat1.medpoint.com
> 
> -----Original Message-----
> From: yulinxp [mailto:yulinxp@gmail.com] 
> Sent: 19 February 2008 20:34
> To: cxf-user@incubator.apache.org
> Subject: client SSL question
> 
> 
> Below is the working copy for client to connecting to a CXF server.
> Because I comment out tlsParams.setKeyManagers and
> tlsParams.setTrustManagers, 
> client receives javax.net.ssl.SSLHandshakeException:
> 
>     HelloWorld ss = new HelloWorld();
>     HelloWorldPortType port = ss.getHelloWorldPort();
>     org.apache.cxf.endpoint.Client c = ClientProxy.getClient(port);
> 
>     HTTPConduit httpConduit = (HTTPConduit) c.getConduit();        
>     TLSClientParameters tlsParams = new TLSClientParameters();
>     tlsParams.setSecureSocketProtocol("SSL");
> //    try {
> //        tlsParams.setKeyManagers(xxxx);
> //        tlsParams.setTrustManagers(xxx);
> //    } catch (IOException e) {
> //        e.printStackTrace();
> //    }       
>     httpConduit.setTlsClientParameters(tlsParams);
> 
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate
found
> 	at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> 	at
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476
> )
> 	at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> 	at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> 	at
>
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHa
> ndshaker.java:847)
> 	at
>
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHands
> haker.java:106)
> 	at
>
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> 	at
>
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:4
> 33)
> 	at
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java
> :815)
> 	at
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSo
> cketImpl.java:1025)
> 	at
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
> java:1038)
> 	at
>
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402
> )
> 	at
>
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Ab
> stractDelegateHttpsURLConnection.java:170)
> 	at
>
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConne
> ction.java:836)
> 	at
>
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsU
> RLConnectionImpl.java:230)
> 	at
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHead
> ersTrustCaching(HTTPConduit.java:1766)
> 	at
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWri
> te(HTTPConduit.java:1734)
> 	at
>
org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutpu
> tStream.java:42)
> 	at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
> 	at
> com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
> 	at
> com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
> 	... 100 more
> Caused by: sun.security.validator.ValidatorException: No trusted
> certificate
> found
> 	at
>
sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator
> .java:304)
> 	at
>
sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.ja
> va:107)
> 	at sun.security.validator.Validator.validate(Validator.java:203)
> 	at
>
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X50
> 9TrustManagerImpl.java:172)
> 	at
>
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSL
> ContextImpl.java:320)
> 	at
>
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHa
> ndshaker.java:840)
> 
> Now I use the same client to connect to NET server, I got different
> exception. 
> Why it's using java.net.PlainSocketImpl to make the connection? 
> I don't understand why the same client has different path when
> connecting to
> different severs?
> 
> Caused by: com.ctc.wstx.exc.WstxIOException: wjcp7meduat1.medpoint.com
> 	at
> com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
> 	at
>
org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(
> AbstractOutDatabindingInterceptor.java:73)
> 	... 8 more
> Caused by: java.net.UnknownHostException: wjcp7meduat1.medpoint.com
> 	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:177)
> 	at java.net.Socket.connect(Socket.java:507)
> 	at sun.net.NetworkClient.doConnect(NetworkClient.java:152)
> 	at sun.net.www.http.HttpClient.openServer(HttpClient.java:365)
> 	at sun.net.www.http.HttpClient.openServer(HttpClient.java:477)
> 	at
> sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:278)
> 	at
> sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:335)
> 	at
>
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttp
> Client(AbstractDelegateHttpsURLConnection.java:176)
> 	at
>
sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnecti
> on.java:744)
> 	at
>
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Ab
> stractDelegateHttpsURLConnection.java:162)
> 	at
>
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConne
> ction.java:836)
> 	at
>
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsU
> RLConnectionImpl.java:230)
> 	at
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHead
> ersTrustCaching(HTTPConduit.java:1766)
> 	at
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWri
> te(HTTPConduit.java:1734)
> 	at
>
org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutpu
> tStream.java:42)
> 	at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
> 	at
> com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
> 	at
> com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
> -- 
> View this message in context:
> http://www.nabble.com/client-SSL-question-tp15564062p15564062.html
> Sent from the cxf-user mailing list archive at Nabble.com.
> 
> ----------------------------
> IONA Technologies PLC (registered in Ireland)
> Registered Number: 171387
> Registered Address: The IONA Building, Shelbourne Road, Dublin 4,
Ireland
> 
> 

-- 
View this message in context:
http://www.nabble.com/client-SSL-question-tp15564062p15612171.html
Sent from the cxf-user mailing list archive at Nabble.com.

----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland

Mime
View raw message