geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jarek Gawor" <jga...@gmail.com>
Subject Re: TLS instead of SSL?
Date Wed, 05 Dec 2007 16:22:25 GMT
Vasily,

Try configuring CORBASSLConfig gbean as shown below into
j2ee-corba-yoko module (instead of removing or disabling things):

    <ns2:module
name="org.apache.geronimo.configs/j2ee-corba-yoko/2.1-SNAPSHOT/car">
        <ns2:gbean name="CORBASSLConfig">
              <ns2:attribute name="protocol">TLS</ns2:attribute>
        </ns2:gbean>
    ...

Also, jetty looks like is already configured with TLS (unless that
info is not getting propagated correctly).

Jarek

On Dec 5, 2007 9:44 AM, Zakharov, Vasily M <vasily.m.zakharov@intel.com> wrote:
>
>
>
>
> Hi, David,
>
>
>
> I've removed the following sections from config.xml:
>
>
>
> <gbean name="Server">
>
> <attribute name="port">${ORBSSLPort + PortOffset}</attribute>
>
> <attribute name="host">${ORBSSLHost}</attribute>
>
> </gbean>
>
> <gbean name="JettySSLConnector">
>
> <attribute name="host">${ServerHostname}</attribute>
>
> <attribute name="port">${HTTPSPortPrimary + PortOffset}</attribute>
>
> </gbean>
>
>
>
> and also the following redirectPort tags:
>
>
>
> <gbean name="JettyWebConnector">
>
> <attribute name="host">${ServerHostname}</attribute>
>
> <attribute name="port">${HTTPPortPrimary + PortOffset}</attribute>
>
> <!-- attribute name="redirectPort">${HTTPSPortPrimary +
> PortOffset}</attribute -->
>
> </gbean>
>
> <gbean name="JettyAJP13Connector">
>
> <attribute name="host">${ServerHostname}</attribute>
>
> <attribute name="port">${AJPPortPrimary + PortOffset}</attribute>
>
> <!-- attribute name="redirectPort">${HTTPSPortPrimary +
> PortOffset}</attribute -->
>
> </gbean>
>
>
>
> but the stack remains the same:
>
>
>
> 17:25:30,836 ERROR [SocketFactory] Unable to create server SSL socket
> factory
>
> org.apache.geronimo.management.geronimo.KeystoreException: Unable to create
> SSL Context
>
>         at
> org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLContext(FileKeystoreManager.java:354)
>
>         at
> org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServerFactory(FileKeystoreManager.java:296)
>
>         at
> org.apache.geronimo.security.keystore.FileKeystoreManager$$FastClassByCGLIB$$4d9d2a71.invoke(<generated>)
>
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>
>         at
> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:830)
>
>         at
> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>
>         at
> org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>
>         at
> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>
>         at
> org.apache.geronimo.management.geronimo.KeystoreManager$$EnhancerByCGLIB$$bf6fcb72.createSSLServerFactory(<generated>)
>
>         at
> org.apache.geronimo.corba.security.config.ssl.SSLConfig.createSSLServerFactory(SSLConfig.java:112)
>
>         at
> org.apache.geronimo.corba.security.config.ssl.SSLConfig$$FastClassByCGLIB$$437ec1a5.invoke(<generated>)
>
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>
>         at
> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:830)
>
>         at
> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>
>         at
> org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>
>         at
> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>
>         at
> org.apache.geronimo.corba.security.config.ssl.SSLConfig$$EnhancerByCGLIB$$55d3f0dd.createSSLServerFactory(<generated>)
>
>         at
> org.apache.geronimo.yoko.SocketFactory.getServerSocketFactory(SocketFactory.java:404)
>
>         at
> org.apache.geronimo.yoko.SocketFactory.createServerSocket(SocketFactory.java:317)
>
>         at
> org.apache.yoko.orb.OCI.IIOP.Acceptor_impl.<init>(Acceptor_impl.java:461)
>
>         at
> org.apache.yoko.orb.OCI.IIOP.AccFactory_impl.create_acceptor(AccFactory_impl.java:157)
>
>         at
> org.apache.yoko.orb.OBPortableServer.POAManagerFactory_impl.create_POAManager(POAManagerFactory_impl.java:251)
>
>         at
> org.apache.yoko.orb.OB.ORBControl.initializeRootPOA(ORBControl.java:516)
>
>         at
> org.apache.yoko.orb.OBCORBA.ORB_impl.resolve_initial_references(ORB_impl.java:1095)
>
>         at org.apache.geronimo.corba.CORBABean.doStart(CORBABean.java:243)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:996)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:268)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:539)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:111)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:146)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:120)
>
>         at
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:176)
>
>         at
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>
>         at
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:254)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:294)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:553)
>
>         at
> org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)
>
>         at
> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:448)
>
>         at
> org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187)
>
>         at
> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:530)
>
>         at
> org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)
>
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>
>         at
> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
>
>         at
> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:830)
>
>         at
> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>
>         at
> org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>
>         at
> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>
>         at
> org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$ce332814.startConfiguration(<generated>)
>
>         at
> org.apache.geronimo.system.main.EmbeddedDaemon.doStartup(EmbeddedDaemon.java:156)
>
>         at
> org.apache.geronimo.system.main.EmbeddedDaemon.execute(EmbeddedDaemon.java:78)
>
>         at
> org.apache.geronimo.kernel.util.MainConfigurationBootstrapper.main(MainConfigurationBootstrapper.java:45)
>
>         at
> org.apache.geronimo.cli.AbstractCLI.executeMain(AbstractCLI.java:67)
>
>         at org.apache.geronimo.cli.daemon.DaemonCLI.main(DaemonCLI.java:30)
>
>         at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
>
>         at java.lang.reflect.Method.invoke(Method.java:317)
>
>         at org.apache.harmony.vm.JarRunner.main(JarRunner.java:80)
>
> Caused by: java.lang.reflect.InvocationTargetException
>
>         at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
>
>         at java.lang.reflect.Method.invoke(Method.java:317)
>
>         at
> org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLContext(FileKeystoreManager.java:345)
>
>         at
> org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServerFactory(FileKeystoreManager.java:296)
>
>         ... 62 more
>
> Caused by: java.security.NoSuchAlgorithmException: SSLContext SSL
> implementation not found
>
>         at
> org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:105)
>
>         at javax.net.ssl.SSLContext.getInstance(SSLContext.java:79)
>
>         at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
>
>         ... 65 more
>
>
>
> Thank you!
>
>
>
> Vasily
>
>
>
>
>
>
>
> -----Original Message-----
>
> From: David Jencks [mailto:david_jencks@yahoo.com]
>
> Sent: Wednesday, December 05, 2007 3:24 AM
>
> To: user@geronimo.apache.org
>
> Subject: Re: TLS instead of SSL?
>
>
>
>
>
> On Dec 4, 2007, at 3:10 PM, Zakharov, Vasily M wrote:
>
>
>
> > Hi, all,
>
> >
>
> > Can Geronimo be tuned to use TLS instead of SSL?
>
> > Or, can it be tuned to not use SSL at all?
>
>
>
> I don't think anyone has tried this before.  You might be able to
>
> disable any gbeans that need ssl.  Without a stack trace its hard to
>
> guess where these might be but a start might be  the https
>
> connectors.  If this doesn't work a stack trace would be helpful.
>
> >
>
> > I'm trying to run Geronimo 2.0.2 on Apache Harmony, and it fails to
>
> > start because Harmony doesn't have SSL implementation, though is has
>
> > TLS.
>
>
>
> It's great to see someone working on G + H !
>
>
>
> thanks
>
> david jencks
>
>
>
> >
>
> > Thanks!
>
> >
>
> > Vasily Zakharov
>
> > Intel ESSD
>
> > --------------------------------------------------------------------
>
> > Closed Joint Stock Company Intel A/O
>
> > Registered legal address: 125252, Moscow, Russian Federation,
>
> > Chapayevsky Per, 14.
>
> >
>
> > This e-mail and any attachments may contain confidential material for
>
> > the sole use of the intended recipient(s). Any review or distribution
>
> > by others is strictly prohibited. If you are not the intended
>
> > recipient, please contact the sender and delete all copies.
>
>
>
>  --------------------------------------------------------------------
> Closed Joint Stock Company Intel A/O
> Registered legal address: 125252, Moscow, Russian Federation,
> Chapayevsky Per, 14.
>
> This e-mail and any attachments may contain confidential material for
> the sole use of the intended recipient(s). Any review or distribution
> by others is strictly prohibited. If you are not the intended
> recipient, please contact the sender and delete all copies.
>
>

Mime
View raw message