cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From xinxinwang <wang_xin...@bah.com>
Subject Re: CXF Client: Software caused connection abort: recv failed
Date Fri, 04 Sep 2009 14:00:39 GMT

Thanks for the info. I turn the debug on and got more info:

09:52:05,298 INFO  [STDOUT] http-127.0.0.1-443-1, handling exception:
javax.net.
ssl.SSLHandshakeException: null cert chain

Any idea?

Xinxin


dkulp wrote:
> 
> 
> All I can suggest is to check the server logs for any information there as 
> well as try setting the system property:
>  -Djavax.net.debug=all
> and kind of trace through what the ssl handshake is doing.   Might reveal
> a 
> strange key being used or something.
> 
> Dan
> 
> 
> On Wed September 2 2009 10:47:53 am xinxinwang wrote:
>> I deployed my service on JBoss 4.2.3/JDK 1.6.0_10 with port 443 over SSL
>>  with the following connector:
>> 
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>>     maxThreads="150" scheme="https" secure="true" clientAuth="true"
>> address="${jboss.bind.address}"
>>     keystoreFile="${jboss.server.home.dir}/conf/server.keystore.jks"
>> keystorePass="testit"
>>     truststoreFile="${jboss.server.home.dir}/conf/client.keystore.jks"
>> truststorePass="testit"
>>     sslProtocol="TLS">
>> </Connector>
>> 
>> I created both server.keystore.jks and client.keystore.jks using JDK
>>  keytool with RSA algorithm.
>> 
>> My client is located on the same machine. I am using
>> https://localhost:443/....  to connect to the service.
>> I am using the following code to set up the httpconduit and invoke the
>> service:
>> 
>> 
>> 	Service service = Service.create(new QName(namespace, serviceName));
>> 	QName portQName = new QName(namespace, portTypeName);
>> 	service.addPort(portQName, SOAPBinding.SOAP11HTTP_BINDING, endPoint);
>> 	dispPayload = service.createDispatch(portQName, Source.class,
>> Service.Mode.PAYLOAD);
>> 	BindingProvider bp = (BindingProvider)service.getPort(portQName,
>> Source.class);
>> 
>> 	HTTPConduit httpConduit =
>> (HTTPConduit)ClientProxy.getClient(bp).getConduit();
>> 	TLSClientParameters tlsParams = new TLSClientParameters();
>> 	tlsParams.setDisableCNCheck(true);
>> 
>> 	KeyStore trustStore = KeyStore.getInstance("JKS");
>> 	String trustpass = "testit";//provide trust pass
>> 	InputStream trustStream =
>> Thread.currentThread().getContextClassLoader().getResourceAsStream("server.
>> keystore.jks"); trustStore.load(trustStream, trustpass.toCharArray());
>> 	TrustManagerFactory trustFactory =
>> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
>> 	trustFactory.init(trustStore);
>> 	TrustManager[] tm = trustFactory.getTrustManagers();
>> 	tlsParams.setTrustManagers(tm);
>> 
>> 	KeyStore keyStore = KeyStore.getInstance("JKS");
>> 	String keypass = "testit";//provide client keystore pass
>> 	InputStream keyStream =
>> Thread.currentThread().getContextClassLoader().getResourceAsStream("client.
>> keystore.jks"); keyStore.load(keyStream, keypass.toCharArray());
>> 	KeyManagerFactory keyFactory =
>> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>> 	keyFactory.init(keyStore, keypass.toCharArray());
>> 	KeyManager[] km = keyFactory.getKeyManagers();
>> 	tlsParams.setKeyManagers(km);
>> 
>> 	FiltersType filter = new FiltersType();
>> 	filter.getInclude().add(".*_EXPORT_.*");
>> 	filter.getInclude().add(".*_EXPORT1024_.*");
>> 	filter.getInclude().add(".*_WITH_DES_.*");
>> 	filter.getInclude().add(".*_WITH_NULL_.*");
>> 	filter.getExclude().add(".*_DH_anon_.*");
>> 	tlsParams.setCipherSuitesFilter(filter);//set all the needed include and
>> exclude filters.
>> 
>> 	httpConduit.setTlsClientParameters(tlsParams);
>> 
>> 
>> 	InputStream inputStream =
>> Thread.currentThread().getContextClassLoade().getResourceAsStream(request);
>> 
>> 	DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
>> 	factory.setNamespaceAware(true);
>> 	DocumentBuilder builder = factory.newDocumentBuilder();
>> 	Document document = builder.parse(inputStream);
>> 	Source requestSource = new DOMSource(document);
>> 
>> 	Source response = dispPayload.invoke(requestSource);
>> 
>> When I run the client code, I got the following Exception at the line
>>  above:
>> 
>> 	org.apache.cxf.interceptor.Fault: Could not send Message.
>> 	at
>> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
>> rceptor.handleMessage(MessageSenderInterceptor.java:64) at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>> n.java:236) at
>>  org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:471) at
>>  org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:301) at
>>  org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:253) at
>>  org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:288) at
>>  org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:257) at
>>  org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:195) at
>> mil.army.soa.adsl.client.DataServiceClient.retrieve(DataServiceClient.java:
>> 115) at
>> mil.army.soa.adsl.tester.DataServiceTester.main(DataServiceTester.java:37)
>> Caused by: java.net.SocketException: Software caused connection abort:
>> recv
>> failed
>> 	at java.net.SocketInputStream.socketRead0(Native Method)
>> 	at java.net.SocketInputStream.read(SocketInputStream.java:129)
>> 	at
>>  com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
>>  at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:78
>> 9) at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:
>> 1435) at
>> com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.ja
>> va:103) at
>> com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.jav
>> a:612) at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(Cli
>> entHandshaker.java:868) at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandsha
>> ker.java:794) at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshak
>> er.java:226) at
>>  com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
>>  at
>> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
>> 	at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:88
>> 4) at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocke
>> tImpl.java:1096) at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.jav
>> a:1123) at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.jav
>> a:1107) at
>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
>> 	at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Abstr
>> actDelegateHttpsURLConnection.java:166) at
>> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnecti
>> on.java:881) at
>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLC
>> onnectionImpl.java:230) at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeaders
>> TrustCaching(HTTPConduit.java:1909) at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(
>> HTTPConduit.java:1864) at
>> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputSt
>> ream.java:42) at
>> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutp
>> utStream.java:69) at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
>> duit.java:1927) at
>>  org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
>> at
>>  org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627) at
>> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
>> rceptor.handleMessage(MessageSenderInterceptor.java:62) ... 9 more
>> 
>> If I set the clientAuth="false", I do not get this exception.
>> 
>> Thanks for any help,
>> 
>> Xinxin
>> 
> 
> -- 
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
> 
> 

-- 
View this message in context: http://www.nabble.com/CXF-Client%3A-Software-caused-connection-abort%3A-recv-failed-tp25259046p25294876.html
Sent from the cxf-user mailing list archive at Nabble.com.


Mime
View raw message