cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glen Mazza <glen.ma...@verizon.net>
Subject RE: Problems in using TLS
Date Tue, 01 Apr 2008 22:40:56 GMT
Brendan,

What happens if you use "SSL" instead of "TLS"?  AFAIK they are
synonyms.

Regards,
Glen

Am Dienstag, den 01.04.2008, 13:27 +0200 schrieb Brendan Maguire
(brmaguir):
> Thanks for the reply Daniel.
> 
> I tried using the 2.0.5 libraries but am still getting the exact same
> errors.
> 
> Am I setting it up correctly using the cxf.xml file? Any other ideas on
> what the problem could be?
> 
> Cheers,
> Brenan
> 
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org] 
> Sent: 27 March 2008 18:38
> To: cxf-user@incubator.apache.org
> Cc: Brendan Maguire (brmaguir)
> Subject: Re: Problems in using TLS
> 
> 
> I don't suppose there would be any chance of you trying the 2.0.5 stuff
> we're voting on?
> http://people.apache.org/~dkulp/stage_cxf/2.0.5-incubator/
> 
> I made some changes to the TLS stuff in 2.0.5 to make it work better and
> with less configuration.
> 
> Dan
> 
> 
> 
> On Thursday 27 March 2008, brmaguir wrote:
> > Hey,
> >
> > I'm trying to communicate with a web service using Apache CXF using 
> > TLS. When I specify TLS in the cxf.xml file using:
> >
> >                 <http-conf:tlsClientParameters 
> > secureSocketProtocol="TLS"> <sec:trustManagers>
> > 				<sec:keyStore password="password"
> > url="file:\C:/path/to/keystore"/> </sec:trustManagers>
> > 			<sec:cipherSuitesFilter>
> > 				<sec:include>.*.*.</sec:include>
> > 			</sec:cipherSuitesFilter>
> > 		</http-conf:tlsClientParameters>
> >
> > it is failing with the following error:
> >
> > 27-Mar-2008 11:06:03 org.apache.cxf.phase.PhaseInterceptorChain
> > doIntercept INFO: Interceptor has thrown exception, unwinding now
> > org.apache.cxf.interceptor.Fault: Connection reset
> > 	at
> > org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writePart
> >s(AbstractOutDat abindingInterceptor.java:75)
> > 	at
> > org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutInt
> >erceptor.java:68 )
> > 	at
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
> >rChain.java:207) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:205) at
> > org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135
> >) at $Proxy35.login(Unknown Source)
> > 	at thirdPartyAPI.test.Test.loginAppuser(Test.java:135)
> > 	at thirdPartyAPI.test.Test.main(Test.java:61)
> > Caused by: com.ctc.wstx.exc.WstxIOException: Connection reset
> > 	at
> com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
> > 	at
> > org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writePart
> >s(AbstractOutDat abindingInterceptor.java:73)
> > 	... 9 more
> > Caused by: java.net.SocketException: Connection reset
> > 	at java.net.SocketInputStream.read(Unknown Source)
> > 	at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown
> Source)
> > 	at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
> > 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> > Source) at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unk
> >nown Source)
> > 	at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> > Source)
> > 	at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> > Source)
> > 	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> > Source) at
> > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(
> >Unknown Source)
> > 	at
> > sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown
> > Source)
> > 	at
> > sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unkn
> >own Source)
> > 	at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHe
> >adersTrustCachin g(HTTPConduit.java:1766)
> > 	at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstW
> >rite(HTTPConduit .java:1734)
> > 	at
> > org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOut
> >putStream.java:4 2)
> > 	at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
> > 	at
> > com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
> > at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
> > ... 10 more
> > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
> > Connection reset
> > 	at
> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:175
> >) at $Proxy35.login(Unknown Source)
> > 	at thirdPartyAPI.test.Test.loginAppuser(Test.java:135)
> > 	at thirdPartyAPI.test.Test.main(Test.java:61)
> > Caused by: org.apache.cxf.interceptor.Fault: Connection reset
> > 	at
> > org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writePart
> >s(AbstractOutDat abindingInterceptor.java:75)
> > 	at
> > org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutInt
> >erceptor.java:68 )
> > 	at
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
> >rChain.java:207) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:205) at
> > org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135
> >) ... 3 more
> > Caused by: com.ctc.wstx.exc.WstxIOException: Connection reset
> > 	at
> com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
> > 	at
> > org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writePart
> >s(AbstractOutDat abindingInterceptor.java:73)
> > 	... 9 more
> > Caused by: java.net.SocketException: Connection reset
> > 	at java.net.SocketInputStream.read(Unknown Source)
> > 	at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown
> Source)
> > 	at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
> > 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> > Source) at
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unk
> >nown Source)
> > 	at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> > Source)
> > 	at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> > Source)
> > 	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> > Source) at
> > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(
> >Unknown Source)
> > 	at
> > sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown
> > Source)
> > 	at
> > sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unkn
> >own Source)
> > 	at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHe
> >adersTrustCachin g(HTTPConduit.java:1766)
> > 	at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstW
> >rite(HTTPConduit .java:1734)
> > 	at
> > org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOut
> >putStream.java:4 2)
> > 	at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
> > 	at
> > com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
> > at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
> > ... 10 more
> >
> >
> > When I look at the trace in wireshark it shows the outgoing message 
> > from the CXF client as been SSLv2. The server then sends back a TCP 
> > RST. I've also tried using "TLSv1" and "SSLv3" as the protocol but the
> 
> > client uses SSLv2 regardless.
> >
> > I've also tried specifying the protocol via the code using:
> >
> >                 Client c = ClientProxy.getClient(port);
> > 		HTTPConduit conduit = (HTTPConduit) c.getConduit();
> > 		TLSClientParameters params =
> conduit.getTlsClientParameters();
> > 		params.setSecureSocketProtocol("TLS");
> > 		conduit.setTlsClientParameters(params);
> >
> > This still makes no difference.
> >
> > Any ideas on what's going wrong / how to fix it? Any help would be 
> > greatly appreciated.
> >
> > Regards,
> > Brendan
> 
> 
> 
> --
> J. Daniel Kulp
> Principal Engineer, IONA
> dkulp@apache.org
> http://www.dankulp.com/blog


Mime
View raw message