geronimo-user mailing list archives

From "Zakharov, Vasily M" <vasily.m.zakha...@intel.com>
Subject RE: TLS instead of SSL?
Date Wed, 05 Dec 2007 17:14:27 GMT
Jarek,

Thank you very much, it seems that helped.

The next stack is that the JKS keystore implementation is missing, but
that's a known issue, GERONIMO-2015.
I'll try to update the patches there somehow.

Thanks!

Vasily


-----Original Message-----
From: Jarek Gawor [mailto:jgawor@gmail.com] 
Sent: Wednesday, December 05, 2007 7:22 PM
To: user@geronimo.apache.org
Subject: Re: TLS instead of SSL?

Vasily,

Try configuring CORBASSLConfig gbean as shown below into
j2ee-corba-yoko module (instead of removing or disabling things):

    <ns2:module name="org.apache.geronimo.configs/j2ee-corba-yoko/2.1-SNAPSHOT/car">
        <ns2:gbean name="CORBASSLConfig">
            <ns2:attribute name="protocol">TLS</ns2:attribute>
        </ns2:gbean>
    ...

Also, Jetty looks like it is already configured with TLS (unless that
info is not getting propagated correctly).

Jarek

On Dec 5, 2007 9:44 AM, Zakharov, Vasily M <vasily.m.zakharov@intel.com>
wrote:
>
> Hi, David,
>
> I've removed the following sections from config.xml:
>
> <gbean name="Server">
>     <attribute name="port">${ORBSSLPort + PortOffset}</attribute>
>     <attribute name="host">${ORBSSLHost}</attribute>
> </gbean>
> <gbean name="JettySSLConnector">
>     <attribute name="host">${ServerHostname}</attribute>
>     <attribute name="port">${HTTPSPortPrimary + PortOffset}</attribute>
> </gbean>
>
> and also the following redirectPort tags:
>
> <gbean name="JettyWebConnector">
>     <attribute name="host">${ServerHostname}</attribute>
>     <attribute name="port">${HTTPPortPrimary + PortOffset}</attribute>
>     <!-- attribute name="redirectPort">${HTTPSPortPrimary + PortOffset}</attribute -->
> </gbean>
> <gbean name="JettyAJP13Connector">
>     <attribute name="host">${ServerHostname}</attribute>
>     <attribute name="port">${AJPPortPrimary + PortOffset}</attribute>
>     <!-- attribute name="redirectPort">${HTTPSPortPrimary + PortOffset}</attribute -->
> </gbean>
>
> but the stack remains the same:
>
> 17:25:30,836 ERROR [SocketFactory] Unable to create server SSL socket factory
> org.apache.geronimo.management.geronimo.KeystoreException: Unable to create SSL Context
>         at org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLContext(FileKeystoreManager.java:354)
>         at org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServerFactory(FileKeystoreManager.java:296)
>         at org.apache.geronimo.security.keystore.FileKeystoreManager$$FastClassByCGLIB$$4d9d2a71.invoke(<generated>)
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>         at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
>         at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:830)
>         at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>         at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>         at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>         at org.apache.geronimo.management.geronimo.KeystoreManager$$EnhancerByCGLIB$$bf6fcb72.createSSLServerFactory(<generated>)
>         at org.apache.geronimo.corba.security.config.ssl.SSLConfig.createSSLServerFactory(SSLConfig.java:112)
>         at org.apache.geronimo.corba.security.config.ssl.SSLConfig$$FastClassByCGLIB$$437ec1a5.invoke(<generated>)
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>         at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
>         at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:830)
>         at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>         at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>         at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>         at org.apache.geronimo.corba.security.config.ssl.SSLConfig$$EnhancerByCGLIB$$55d3f0dd.createSSLServerFactory(<generated>)
>         at org.apache.geronimo.yoko.SocketFactory.getServerSocketFactory(SocketFactory.java:404)
>         at org.apache.geronimo.yoko.SocketFactory.createServerSocket(SocketFactory.java:317)
>         at org.apache.yoko.orb.OCI.IIOP.Acceptor_impl.<init>(Acceptor_impl.java:461)
>         at org.apache.yoko.orb.OCI.IIOP.AccFactory_impl.create_acceptor(AccFactory_impl.java:157)
>         at org.apache.yoko.orb.OBPortableServer.POAManagerFactory_impl.create_POAManager(POAManagerFactory_impl.java:251)
>         at org.apache.yoko.orb.OB.ORBControl.initializeRootPOA(ORBControl.java:516)
>         at org.apache.yoko.orb.OBCORBA.ORB_impl.resolve_initial_references(ORB_impl.java:1095)
>         at org.apache.geronimo.corba.CORBABean.doStart(CORBABean.java:243)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:996)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:268)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:539)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:111)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:120)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:176)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:254)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:294)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:553)
>         at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)
>         at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:448)
>         at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:530)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>         at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
>         at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:830)
>         at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>         at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>         at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>         at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$ce332814.startConfiguration(<generated>)
>         at org.apache.geronimo.system.main.EmbeddedDaemon.doStartup(EmbeddedDaemon.java:156)
>         at org.apache.geronimo.system.main.EmbeddedDaemon.execute(EmbeddedDaemon.java:78)
>         at org.apache.geronimo.kernel.util.MainConfigurationBootstrapper.main(MainConfigurationBootstrapper.java:45)
>         at org.apache.geronimo.cli.AbstractCLI.executeMain(AbstractCLI.java:67)
>         at org.apache.geronimo.cli.daemon.DaemonCLI.main(DaemonCLI.java:30)
>         at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
>         at java.lang.reflect.Method.invoke(Method.java:317)
>         at org.apache.harmony.vm.JarRunner.main(JarRunner.java:80)
> Caused by: java.lang.reflect.InvocationTargetException
>         at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
>         at java.lang.reflect.Method.invoke(Method.java:317)
>         at org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLContext(FileKeystoreManager.java:345)
>         at org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServerFactory(FileKeystoreManager.java:296)
>         ... 62 more
> Caused by: java.security.NoSuchAlgorithmException: SSLContext SSL implementation not found
>         at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:105)
>         at javax.net.ssl.SSLContext.getInstance(SSLContext.java:79)
>         at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
>         ... 65 more
>
> Thank you!
>
> Vasily
>
> -----Original Message-----
> From: David Jencks [mailto:david_jencks@yahoo.com]
> Sent: Wednesday, December 05, 2007 3:24 AM
> To: user@geronimo.apache.org
> Subject: Re: TLS instead of SSL?
>
> On Dec 4, 2007, at 3:10 PM, Zakharov, Vasily M wrote:
>
> > Hi, all,
> >
> > Can Geronimo be tuned to use TLS instead of SSL?
> > Or, can it be tuned to not use SSL at all?
>
> I don't think anyone has tried this before.  You might be able to
> disable any gbeans that need ssl.  Without a stack trace it's hard to
> guess where these might be but a start might be the https
> connectors.  If this doesn't work a stack trace would be helpful.
>
> > I'm trying to run Geronimo 2.0.2 on Apache Harmony, and it fails to
> > start because Harmony doesn't have SSL implementation, though it has
> > TLS.
>
> It's great to see someone working on G + H !
>
> thanks
> david jencks
>
> > Thanks!
> >
> > Vasily Zakharov
> > Intel ESSD
> > --------------------------------------------------------------------
> > Closed Joint Stock Company Intel A/O
> > Registered legal address: 125252, Moscow, Russian Federation,
> > Chapayevsky Per, 14.
> >
> > This e-mail and any attachments may contain confidential material for
> > the sole use of the intended recipient(s). Any review or distribution
> > by others is strictly prohibited. If you are not the intended
> > recipient, please contact the sender and delete all copies.
>
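
Added example, not part of the thread and not code from Geronimo, Harmony or the posters: the trace above ends in SSLContext.getInstance() finding no provider for the name "SSL", and the fix sets the CORBASSLConfig protocol to "TLS". The probe below (the class name SslContextProbe is made up here; only standard java.security and javax.net.ssl calls are used) lists which SSLContext names the running JVM registers and which protocol versions each context enables by default.

```java
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;

public class SslContextProbe {
    /** Every name that an installed provider registers for the SSLContext service. */
    static Set<String> availableContexts() {
        Set<String> names = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SSLContext".equals(s.getType())) {
                    names.add(s.getAlgorithm());
                }
            }
        }
        return names;
    }

    /** Performs the same lookup that fails in the quoted trace and reports the outcome. */
    static String probe(String protocol) {
        try {
            SSLContext ctx = SSLContext.getInstance(protocol);
            ctx.init(null, null, null); // default key/trust managers are enough to inspect it
            String[] enabled = ctx.getDefaultSSLParameters().getProtocols();
            return protocol + ": OK via " + ctx.getProvider().getName()
                    + ", enabled by default " + Arrays.toString(enabled);
        } catch (NoSuchAlgorithmException e) {
            return protocol + ": not provided by this runtime (" + e.getMessage() + ")";
        } catch (KeyManagementException e) {
            return protocol + ": found, but init failed (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println("SSLContext names: " + availableContexts());
        // "SSL" is the name in the quoted trace; "TLS" is the value set on CORBASSLConfig.
        String[] candidates = args.length > 0 ? args : new String[] {"SSL", "TLS"};
        for (String protocol : candidates) {
            System.out.println(probe(protocol));
        }
    }
}
```

Running it on the JVM that hosts the server, before editing config.xml, shows whether the configured protocol name will resolve and whether the resulting context still enables versions you want switched off.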