Return-Path: 
 <user-return-8526-apmail-geronimo-user-archive=geronimo.apache.org@geronimo.apache.org>
Delivered-To: apmail-geronimo-user-archive@www.apache.org
Received: (qmail 25833 invoked from network); 5 Dec 2007 17:15:10 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 5 Dec 2007 17:15:10 -0000
Received: (qmail 74719 invoked by uid 500); 5 Dec 2007 17:14:59 -0000
Delivered-To: apmail-geronimo-user-archive@geronimo.apache.org
Received: (qmail 74140 invoked by uid 500); 5 Dec 2007 17:14:57 -0000
Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:user-help@geronimo.apache.org>
list-unsubscribe: <mailto:user-unsubscribe@geronimo.apache.org>
List-Post: <mailto:user@geronimo.apache.org>
Reply-To: user@geronimo.apache.org
List-Id: <user.geronimo.apache.org>
Delivered-To: mailing list user@geronimo.apache.org
Received: (qmail 74129 invoked by uid 99); 5 Dec 2007 17:14:57 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Dec 2007 09:14:57 -0800
X-ASF-Spam-Status: No, hits=-4.0 required=10.0
	tests=RCVD_IN_DNSWL_MED,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: local policy)
Received: from [192.55.52.93] (HELO mga11.intel.com) (192.55.52.93)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Dec 2007 17:14:58 +0000
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by fmsmga102.fm.intel.com with ESMTP; 05 Dec 2007 09:14:36 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="4.23,255,1194249600";
   d="scan'208";a="225368821"
Received: from fmsmsx333.amr.corp.intel.com ([132.233.42.2])
  by fmsmga002.fm.intel.com with ESMTP; 05 Dec 2007 09:14:33 -0800
Received: from mssmsx411.ccr.corp.intel.com ([10.125.144.12]) by
 fmsmsx333.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Wed, 5 Dec 2007 09:14:33 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: TLS instead of SSL?
Date: Wed, 5 Dec 2007 20:14:27 +0300
Message-ID: 
 <3D8E84095C6A524A985B787423094E4001921FA9@mssmsx411.ccr.corp.intel.com>
In-Reply-To: <5eb405c70712050822j25c7e13nad46bba7522403c0@mail.gmail.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: TLS instead of SSL?
Thread-Index: Acg3Wyet0LnI0WxQTpGsg8ITlz8TcwABl3wQ
References: 
 <3D8E84095C6A524A985B787423094E40018DD3C4@mssmsx411.ccr.corp.intel.com>
 <9777A5DD-35C8-41DD-8248-B063CBFEEE56@yahoo.com>
 <3D8E84095C6A524A985B787423094E4001921F39@mssmsx411.ccr.corp.intel.com>
 <5eb405c70712050822j25c7e13nad46bba7522403c0@mail.gmail.com>
From: "Zakharov, Vasily M" <vasily.m.zakharov@intel.com>
To: <user@geronimo.apache.org>
X-OriginalArrivalTime: 05 Dec 2007 17:14:33.0072 (UTC)
 FILETIME=[4DBE9F00:01C83762]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Virus-Checked: Checked by ClamAV on apache.org

Jarek,

Thank you very much, it seems that helped.

The next stack is JKS keystore implementation is missing, but that's a
known issue GERONIMO-2015.
I'll try to update the patches there somehow.

Thanks!

Vasily


-----Original Message-----
From: Jarek Gawor [mailto:jgawor@gmail.com]=20
Sent: Wednesday, December 05, 2007 7:22 PM
To: user@geronimo.apache.org
Subject: Re: TLS instead of SSL?

Vasily,

Try configuring CORBASSLConfig gbean as shown below into
j2ee-corba-yoko module (instead of removing or disabling things):

    <ns2:module
name=3D"org.apache.geronimo.configs/j2ee-corba-yoko/2.1-SNAPSHOT/car">
        <ns2:gbean name=3D"CORBASSLConfig">
              <ns2:attribute name=3D"protocol">TLS</ns2:attribute>
        </ns2:gbean>
    ...

Also, jetty looks like is already configured with TLS (unless that
info is not getting propagated correctly).

Jarek

On Dec 5, 2007 9:44 AM, Zakharov, Vasily M <vasily.m.zakharov@intel.com>
wrote:
>
>
>
>
> Hi, David,
>
>
>
> I've removed the following sections from config.xml:
>
>
>
> <gbean name=3D"Server">
>
> <attribute name=3D"port">${ORBSSLPort + PortOffset}</attribute>
>
> <attribute name=3D"host">${ORBSSLHost}</attribute>
>
> </gbean>
>
> <gbean name=3D"JettySSLConnector">
>
> <attribute name=3D"host">${ServerHostname}</attribute>
>
> <attribute name=3D"port">${HTTPSPortPrimary + PortOffset}</attribute>
>
> </gbean>
>
>
>
> and also the following redirectPort tags:
>
>
>
> <gbean name=3D"JettyWebConnector">
>
> <attribute name=3D"host">${ServerHostname}</attribute>
>
> <attribute name=3D"port">${HTTPPortPrimary + PortOffset}</attribute>
>
> <!-- attribute name=3D"redirectPort">${HTTPSPortPrimary +
> PortOffset}</attribute -->
>
> </gbean>
>
> <gbean name=3D"JettyAJP13Connector">
>
> <attribute name=3D"host">${ServerHostname}</attribute>
>
> <attribute name=3D"port">${AJPPortPrimary + PortOffset}</attribute>
>
> <!-- attribute name=3D"redirectPort">${HTTPSPortPrimary +
> PortOffset}</attribute -->
>
> </gbean>
>
>
>
> but the stack remains the same:
>
>
>
> 17:25:30,836 ERROR [SocketFactory] Unable to create server SSL socket
> factory
>
> org.apache.geronimo.management.geronimo.KeystoreException: Unable to
create
> SSL Context
>
>         at
>
org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLConte
xt(FileKeystoreManager.java:354)
>
>         at
>
org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServe
rFactory(FileKeystoreManager.java:296)
>
>         at
>
org.apache.geronimo.security.keystore.FileKeystoreManager$$FastClassByCG
LIB$$4d9d2a71.invoke(<generated>)
>
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>
>         at
>
org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInv
oker.java:38)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.j
ava:124)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.jav
a:830)
>
>         at
>
org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>
>         at
>
org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperation
Invoker.java:35)
>
>         at
>
org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyM
ethodInterceptor.java:96)
>
>         at
>
org.apache.geronimo.management.geronimo.KeystoreManager$$EnhancerByCGLIB
$$bf6fcb72.createSSLServerFactory(<generated>)
>
>         at
>
org.apache.geronimo.corba.security.config.ssl.SSLConfig.createSSLServerF
actory(SSLConfig.java:112)
>
>         at
>
org.apache.geronimo.corba.security.config.ssl.SSLConfig$$FastClassByCGLI
B$$437ec1a5.invoke(<generated>)
>
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>
>         at
>
org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInv
oker.java:38)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.j
ava:124)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.jav
a:830)
>
>         at
>
org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>
>         at
>
org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperation
Invoker.java:35)
>
>         at
>
org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyM
ethodInterceptor.java:96)
>
>         at
>
org.apache.geronimo.corba.security.config.ssl.SSLConfig$$EnhancerByCGLIB
$$55d3f0dd.createSSLServerFactory(<generated>)
>
>         at
>
org.apache.geronimo.yoko.SocketFactory.getServerSocketFactory(SocketFact
ory.java:404)
>
>         at
>
org.apache.geronimo.yoko.SocketFactory.createServerSocket(SocketFactory.
java:317)
>
>         at
>
org.apache.yoko.orb.OCI.IIOP.Acceptor_impl.<init>(Acceptor_impl.java:461
)
>
>         at
>
org.apache.yoko.orb.OCI.IIOP.AccFactory_impl.create_acceptor(AccFactory_
impl.java:157)
>
>         at
>
org.apache.yoko.orb.OBPortableServer.POAManagerFactory_impl.create_POAMa
nager(POAManagerFactory_impl.java:251)
>
>         at
>
org.apache.yoko.orb.OB.ORBControl.initializeRootPOA(ORBControl.java:516)
>
>         at
>
org.apache.yoko.orb.OBCORBA.ORB_impl.resolve_initial_references(ORB_impl
.java:1095)
>
>         at
org.apache.geronimo.corba.CORBABean.doStart(CORBABean.java:243)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInst
ance.java:996)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GB
eanInstanceState.java:268)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstance
State.java:102)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java
:539)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBean
Dependency.java:111)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDepende
ncy.java:146)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDepende
ncy.java:120)
>
>         at
>
org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(
BasicLifecycleMonitor.java:176)
>
>         at
>
org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicL
ifecycleMonitor.java:44)
>
>         at
>
org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroad
caster.fireRunningEvent(BasicLifecycleMonitor.java:254)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GB
eanInstanceState.java:294)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstance
State.java:102)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBea
nInstanceState.java:124)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInst
ance.java:553)
>
>         at
>
org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKe
rnel.java:379)
>
>         at
>
org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGB
eans(ConfigurationUtil.java:448)
>
>         at
>
org.apache.geronimo.kernel.config.KernelConfigurationManager.start(Kerne
lConfigurationManager.java:187)
>
>         at
>
org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfig
uration(SimpleConfigurationManager.java:530)
>
>         at
>
org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassB
yCGLIB$$ce77a924.invoke(<generated>)
>
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>
>         at
>
org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInv
oker.java:38)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.j
ava:124)
>
>         at
>
org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.jav
a:830)
>
>         at
>
org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>
>         at
>
org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperation
Invoker.java:35)
>
>         at
>
org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyM
ethodInterceptor.java:96)
>
>         at
>
org.apache.geronimo.kernel.config.EditableConfigurationManager$$Enhancer
ByCGLIB$$ce332814.startConfiguration(<generated>)
>
>         at
>
org.apache.geronimo.system.main.EmbeddedDaemon.doStartup(EmbeddedDaemon.
java:156)
>
>         at
>
org.apache.geronimo.system.main.EmbeddedDaemon.execute(EmbeddedDaemon.ja
va:78)
>
>         at
>
org.apache.geronimo.kernel.util.MainConfigurationBootstrapper.main(MainC
onfigurationBootstrapper.java:45)
>
>         at
> org.apache.geronimo.cli.AbstractCLI.executeMain(AbstractCLI.java:67)
>
>         at
org.apache.geronimo.cli.daemon.DaemonCLI.main(DaemonCLI.java:30)
>
>         at
java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
>
>         at java.lang.reflect.Method.invoke(Method.java:317)
>
>         at org.apache.harmony.vm.JarRunner.main(JarRunner.java:80)
>
> Caused by: java.lang.reflect.InvocationTargetException
>
>         at
java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
>
>         at java.lang.reflect.Method.invoke(Method.java:317)
>
>         at
>
org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLConte
xt(FileKeystoreManager.java:345)
>
>         at
>
org.apache.geronimo.security.keystore.FileKeystoreManager.createSSLServe
rFactory(FileKeystoreManager.java:296)
>
>         ... 62 more
>
> Caused by: java.security.NoSuchAlgorithmException: SSLContext SSL
> implementation not found
>
>         at
>
org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:105)
>
>         at javax.net.ssl.SSLContext.getInstance(SSLContext.java:79)
>
>         at
java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
>
>         ... 65 more
>
>
>
> Thank you!
>
>
>
> Vasily
>
>
>
>
>
>
>
> -----Original Message-----
>
> From: David Jencks [mailto:david_jencks@yahoo.com]
>
> Sent: Wednesday, December 05, 2007 3:24 AM
>
> To: user@geronimo.apache.org
>
> Subject: Re: TLS instead of SSL?
>
>
>
>
>
> On Dec 4, 2007, at 3:10 PM, Zakharov, Vasily M wrote:
>
>
>
> > Hi, all,
>
> >
>
> > Can Geronimo be tuned to use TLS instead of SSL?
>
> > Or, can it be tuned to not use SSL at all?
>
>
>
> I don't think anyone has tried this before.  You might be able to
>
> disable any gbeans that need ssl.  Without a stack trace its hard to
>
> guess where these might be but a start might be  the https
>
> connectors.  If this doesn't work a stack trace would be helpful.
>
> >
>
> > I'm trying to run Geronimo 2.0.2 on Apache Harmony, and it fails to
>
> > start because Harmony doesn't have SSL implementation, though is has
>
> > TLS.
>
>
>
> It's great to see someone working on G + H !
>
>
>
> thanks
>
> david jencks
>
>
>
> >
>
> > Thanks!
>
> >
>
> > Vasily Zakharov
>
> > Intel ESSD
>
> > --------------------------------------------------------------------
>
> > Closed Joint Stock Company Intel A/O
>
> > Registered legal address: 125252, Moscow, Russian Federation,
>
> > Chapayevsky Per, 14.
>
> >
>
> > This e-mail and any attachments may contain confidential material
for
>
> > the sole use of the intended recipient(s). Any review or
distribution
>
> > by others is strictly prohibited. If you are not the intended
>
> > recipient, please contact the sender and delete all copies.
>
>
>
>  --------------------------------------------------------------------
> Closed Joint Stock Company Intel A/O
> Registered legal address: 125252, Moscow, Russian Federation,
> Chapayevsky Per, 14.
>
> This e-mail and any attachments may contain confidential material for
> the sole use of the intended recipient(s). Any review or distribution
> by others is strictly prohibited. If you are not the intended
> recipient, please contact the sender and delete all copies.
>
>
--------------------------------------------------------------------
Closed Joint Stock Company Intel A/O
Registered legal address: 125252, Moscow, Russian Federation,=20
Chapayevsky Per, 14.

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.