directory-api mailing list archives

From Lucas Theisen <lucasthei...@pastdev.com>
Subject Re: Can't connect with TLS/SSL
Date Wed, 06 Apr 2016 21:23:29 GMT
Did you ensure that your Java trust store contains the certificate
authority that signed your server certificate?
On Apr 6, 2016 5:15 PM, "Frank Crow" <fjcrow2008@gmail.com> wrote:

> Can anyone help me figure out how to debug this?   I have an OpenLDAP
> server on the backend and everything else (i.e., command line tools or C++
> code) can connect to it with simple binds and TLS but our application with
> the Apache LDAP API cannot.
>
> It always gives us "SSL Handshake failed" and this stack dump:
>
> > 2016-04-06 21:05:41,145 ERROR unable to bind connection: SSL handshake failed.
> > 2016-04-06 21:05:41,145 DEBUG unable to bind connection:
> > org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
> >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4005)
> >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1218)
> >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1116)
> >     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:127)
> >     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:112)
> >     at org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory.bindConnection(DefaultLdapConnectionFactory.java:64)
> >     at org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory.newLdapConnection(DefaultLdapConnectionFactory.java:107)
> >     at org.apache.directory.ldap.client.api.ValidatingPoolableLdapConnectionFactory.makeObject(ValidatingPoolableLdapConnectionFactory.java:129)
> >     at org.apache.directory.ldap.client.api.ValidatingPoolableLdapConnectionFactory.makeObject(ValidatingPoolableLdapConnectionFactory.java:44)
> >     at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1188)
> >     at org.apache.directory.ldap.client.api.LdapConnectionPool.getConnection(LdapConnectionPool.java:123)
> >     at org.apache.directory.ldap.client.template.LdapConnectionTemplate.search(LdapConnectionTemplate.java:666)
> >     at org.apache.directory.ldap.client.template.LdapConnectionTemplate.searchFirst(LdapConnectionTemplate.java:607)
> >     at org.apache.directory.ldap.client.template.LdapConnectionTemplate.searchFirst(LdapConnectionTemplate.java:581)
> >     at csa.ums.ldap.wrapper.LdapWrapper$LdapConnectionMonitorWorker.run(Unknown Source)
> >     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> >     at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
> >     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
> >     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
> >     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> >     at java.lang.Thread.run(Thread.java:745)
> > 2016-04-06 21:05:41,146 WARN  [LDAP Service Interruption] Connection to the LDAP server a22a1a19 failed:
> > org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
> > 2016-04-06 21:05:41,146 INFO  [LDAP Service Interruption] Switching to server localhost
> > 2016-04-06 21:05:41,148 DEBUG found X509TrustManager sun.security.ssl.X509TrustManagerImpl@32eabe1d
> > 2016-04-06 21:05:41,148 DEBUG creating new connection template from connectionPool
>
>
> I can provide a clip of the code if necessary but I was hoping on methods
> of debugging this ourselves.
>
>
> Thanks,
> --
> Frank
>
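
Added example (not part of either message, and not Apache LDAP API code): a plain JSSE check of the trust-store question raised in the reply, which prints the certificate chain the server presents and validates it against the JVM's default trust store. It assumes the server accepts LDAPS on port 636; `ldap.example.com` and the class name `TrustStoreCheck` are placeholders.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Hypothetical diagnostic class; host and port below are placeholders.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "ldap.example.com";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636; // LDAPS assumed
        // Same default the JVM uses: -Djavax.net.ssl.trustStore if set, else the JRE cacerts.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no default X509TrustManager");
        final X509TrustManager jvmDefault = found;
        // Print the chain the server presents, then delegate to the default
        // manager so an untrusted chain still fails exactly as it would in the app.
        X509TrustManager recording = new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] c, String t)
                    throws CertificateException { jvmDefault.checkClientTrusted(c, t); }
            @Override public void checkServerTrusted(X509Certificate[] chain, String t)
                    throws CertificateException {
                for (X509Certificate c : chain) {
                    System.out.println("subject: " + c.getSubjectX500Principal());
                    System.out.println("  issuer: " + c.getIssuerX500Principal());
                    System.out.println("  expires: " + c.getNotAfter());
                }
                jvmDefault.checkServerTrusted(chain, t);
            }
            @Override public X509Certificate[] getAcceptedIssuers() {
                return jvmDefault.getAcceptedIssuers();
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);
        System.out.println("trusted CAs loaded: " + jvmDefault.getAcceptedIssuers().length);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake(); // chain trust only; hostname matching is not checked here
            System.out.println("handshake OK: " + s.getSession().getProtocol());
        } catch (SSLHandshakeException e) {
            System.out.println("handshake failed: " + e.getMessage());
        }
    }
}
```

If the handshake fails here with a PKIX path-building error, the issuer printed for the last certificate in the chain is the CA to look for in the trust store.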
