directory-api mailing list archives

From Frank Crow <fjcrow2...@gmail.com>
Subject Re: Can't connect with TLS/SSL
Date Wed, 06 Apr 2016 21:38:34 GMT
I think that we did.   We have a cacert.pem that is used by all the command
line tools for that purpose.    I think our problem is in the
keystore/keymanager but I'm new to that part of Java so I'm having some
difficulty verifying that it was done correctly.   I'm saying "we" here
because this code has been worked on by various members of the team over
time (BTW).

So just to narrow down what to look at... if we have the cacert properly in
the keystore then the Apache LDAP API will find it on its own, correct?

On the LdapConnectionConfig we're setting setUseTls().   Do we also need to
setTrustManagers() as well?


Thanks,
Frank


On Wed, Apr 6, 2016 at 5:23 PM, Lucas Theisen <lucastheisen@pastdev.com>
wrote:

> Did you ensure that your Java trust store contains the certificate
> authority that signed your server certificate?
> On Apr 6, 2016 5:15 PM, "Frank Crow" <fjcrow2008@gmail.com> wrote:
>
> > Can anyone help me figure out how to debug this?   I have an OpenLDAP
> > server on the backend and everything else (i.e., command line tools or
> > C++ code) can connect to it with simple binds and TLS but our application
> > with the Apache LDAP API cannot.
> >
> > It always gives us "SSL Handshake failed" and this stack dump:
> >
> > > 2016-04-06 21:05:41,145 ERROR unable to bind connection: SSL handshake failed.
> > > 2016-04-06 21:05:41,145 DEBUG unable to bind connection:
> > > org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
> > >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4005)
> > >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1218)
> > >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1116)
> > >     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:127)
> > >     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:112)
> > >     at org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory.bindConnection(DefaultLdapConnectionFactory.java:64)
> > >     at org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory.newLdapConnection(DefaultLdapConnectionFactory.java:107)
> > >     at org.apache.directory.ldap.client.api.ValidatingPoolableLdapConnectionFactory.makeObject(ValidatingPoolableLdapConnectionFactory.java:129)
> > >     at org.apache.directory.ldap.client.api.ValidatingPoolableLdapConnectionFactory.makeObject(ValidatingPoolableLdapConnectionFactory.java:44)
> > >     at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1188)
> > >     at org.apache.directory.ldap.client.api.LdapConnectionPool.getConnection(LdapConnectionPool.java:123)
> > >     at org.apache.directory.ldap.client.template.LdapConnectionTemplate.search(LdapConnectionTemplate.java:666)
> > >     at org.apache.directory.ldap.client.template.LdapConnectionTemplate.searchFirst(LdapConnectionTemplate.java:607)
> > >     at org.apache.directory.ldap.client.template.LdapConnectionTemplate.searchFirst(LdapConnectionTemplate.java:581)
> > >     at csa.ums.ldap.wrapper.LdapWrapper$LdapConnectionMonitorWorker.run(Unknown Source)
> > >     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> > >     at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
> > >     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
> > >     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
> > >     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> > >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> > >     at java.lang.Thread.run(Thread.java:745)
> > > 2016-04-06 21:05:41,146 WARN  [LDAP Service Interruption] Connection to the LDAP server a22a1a19 failed:
> > > org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
> > > 2016-04-06 21:05:41,146 INFO  [LDAP Service Interruption] Switching to server localhost
> > > 2016-04-06 21:05:41,148 DEBUG found X509TrustManager sun.security.ssl.X509TrustManagerImpl@32eabe1d
> > > 2016-04-06 21:05:41,148 DEBUG creating new connection template from connectionPool
> >
> >
> > I can provide a clip of the code if necessary but I was hoping for methods
> > of debugging this ourselves.
> >
> >
> > Thanks,
> > --
> > Frank
> >
>



-- 
Frank
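The question in the reply above is whether `setUseTls()` alone is enough or whether `setTrustManagers()` is also needed. The following is an added example, not code from this thread or from the Apache Directory project, showing the explicit route: load the CA from a Java trust store built from the same `cacert.pem` the command-line tools use, hand the resulting `X509TrustManager` to `LdapConnectionConfig`, and bind over StartTLS. Host name, port, bind DN, password and file paths are placeholders. The `found X509TrustManager sun.security.ssl.X509TrustManagerImpl` debug line in the quoted log is the library's default trust-manager lookup resolving to the JVM's default trust store, so a CA that lives only in an application keystore the JVM does not consult will not be found unless it is passed in like this.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

/**
 * Added example (not from the thread or the Apache Directory project):
 * pin the Apache LDAP API client to an explicit trust store holding the
 * OpenLDAP server's CA instead of relying on the JVM default trust store.
 * All host/DN/password/path values below are placeholders.
 */
public class ExplicitTrustStoreLdapConnect {

    /**
     * Loads a JKS/PKCS12 trust store and returns its X509TrustManager.
     * Build the store once from the PEM the CLI tools already use, e.g.:
     *   keytool -importcert -trustcacerts -alias openldap-ca \
     *       -file cacert.pem -keystore ldap-truststore.jks
     */
    static X509TrustManager trustManagerFromStore(String path, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager in " + path);
    }

    public static void main(String[] args) throws Exception {
        // Placeholder store/password; the store must contain the CA that signed
        // the OpenLDAP server certificate, not the server certificate's key pair.
        X509TrustManager tm =
            trustManagerFromStore("ldap-truststore.jks", "changeit".toCharArray());

        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost("ldap.example.com");           // placeholder host
        config.setLdapPort(389);                           // StartTLS upgrades the plain LDAP port
        config.setUseTls(true);                            // StartTLS; for LDAPS use setUseSsl(true) and 636
        config.setTrustManagers(tm);                       // server trust decided by this store only
        config.setName("cn=monitor,dc=example,dc=com");    // placeholder bind DN
        config.setCredentials("secret");                   // placeholder password

        LdapNetworkConnection conn = new LdapNetworkConnection(config);
        try {
            conn.bind();   // throws InvalidConnectionException("SSL handshake failed") on a trust failure
            System.out.println("bound over TLS: " + conn.isAuthenticated());
        } finally {
            conn.close();
        }
    }
}
```

Two points worth keeping in mind when using this. The key manager (`setKeyManagers()`) only matters if the server requests a client certificate; whether the server's certificate is accepted is decided solely by the trust manager, so a mistake in the key-manager setup does not by itself produce a handshake failure on a simple-bind deployment. And to see which certificate the server actually presented and where the client rejected it, run the JVM with `-Djavax.net.debug=ssl:handshake`; that is far more useful than swapping in the library's `NoVerificationTrustManager`, which makes the handshake succeed by accepting any certificate and should not be left in place beyond a diagnostic run.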
