hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laurent Garcia" <laurent.gar...@integro-networks.com>
Subject Re: IBMJSSE implementation issue
Date Tue, 07 Oct 2003 08:07:16 GMT
Oleg,

Thank you for your additional research, if I enable the log  I have :

DEBUG org.apache.commons.httpclient.HttpClient - Java version: 1.3.1

DEBUG org.apache.commons.httpclient.HttpClient - Java vendor: IBM
Corporation

DEBUG org.apache.commons.httpclient.HttpClient - Java class path:
C:\Laurent\wsad\workspace\Laurent
Test;C:\Laurent\wsad\lib\commons-httpclient-2.0-rc1.jar;C:\Laurent\wsad\work
space\Toolbox;C:\Program Files\IBM\WebSphere
Studio\eclipse\plugins\org.apache.xerces_4.0.7\xercesImpl.jar;C:\Program
Files\IBM\WebSphere Studio\runtimes\aes_v4_jars\lib\xerces.jar;C:\Program
Files\IBM\WebSphere
Studio\runtimes\base_v5\java\jre\lib\ext\activation.jar;C:\Laurent\wsad\lib\
jakarta-regexp-1.2.jar;C:\Laurent\wsad\lib\jce1_2_2.jar;C:\Laurent\wsad\lib\
junit.jar;C:\Laurent\wsad\lib\local_policy.jar;C:\Laurent\wsad\lib\sunjce_pr
ovider.jar;C:\Laurent\wsad\lib\US_export_policy.jar;C:\Laurent\wsad\lib\jdbc
2_0-stdext.jar;C:\Laurent\wsad\lib\struts.jar;C:\Laurent\wsad\lib\commons-co
dec-1.1.jar;C:\Program Files\IBM\WebSphere
Studio\runtimes\base_v5\java\jre\lib\ext\mail.jar;C:\Laurent\wsad\lib\log4j-
1.2.8.jar;C:\Laurent\wsad\lib\commons-logging.jar;C:\Laurent\wsad\lib\jcert.
jar;C:\Laurent\wsad\lib\jnet.jar;C:\Laurent\wsad\lib\jsse.jar;C:\Laurent\wsa
d\lib\commons-httpclient.jar

DEBUG org.apache.commons.httpclient.HttpClient - Operating system name:
Windows 2000

DEBUG org.apache.commons.httpclient.HttpClient - Operating system
architecture: x86

DEBUG org.apache.commons.httpclient.HttpClient - Operating system version:
5.0

DEBUG org.apache.commons.httpclient.HttpClient - SUN 1.2: SUN (DSA
key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
X.509 certificates; JKS keystore)

DEBUG org.apache.commons.httpclient.HttpClient - IBMJCE 1.2: IBMJCE Provider
implements the following: HMAC-SHA1, MD2, MD5, MARS, SHA, MD2withRSA,
MD5withRSA, SHA1withRSA, RSA, SHA1withDSA, RC2, RC4, Seal)implements the
following:

Signature algorithms : SHA1withDSA, SHA1withRSA, MD5withRSA, MD2withRSA

Cipher algorithms : Blowfish, AES, DES, TripleDES, PBEWithMD2AndDES,

PBEWithMD2AndTripleDES, PBEWithMD2AndRC2,

PBEWithMD5AndDES, PBEWithMD5AndTripleDES,

PBEWithMD5AndRC2, PBEWithSHA1AndDES

PBEWithSHA1AndTripleDES, PBEWithSHA1AndRC2

PBEWithSHAAnd40BitRC2, PBEWithSHAAnd128BitRC2

PBEWithSHAAnd40BitRC4, PBEWithSHAAnd128BitRC4

PBEWithSHAAnd2KeyTripleDES, PBEWithSHAAnd3KeyTripleDES

Mars, RC2, RC4,

RSA, Seal

Message authentication code (MAC) : HmacSHA1, HmacMD2, HmacMD5

Key agreement algorithm : DiffieHellman

Key (pair) generator : Blowfish, DiffieHellman, DSA, AES, DES, TripleDES,
HmacMD5,

HmacSHA1, Mars, RC2, RC4, RSA, Seal

Message digest : MD2, MD5, SHA-1

Algorithm parameter generator : DiffieHellman, DSA

Algorithm parameter : Blowfish, DiffieHellman, AES, DES, TripleDES, DSA,
Mars,

PBEwithMD5AndDES, RC2

Key factory : DiffieHellman, DSA, RSA

Secret key factory : Blowfish, AES, DES, TripleDES, Mars, RC2, RC4, Seal

PKCS5Key, PBKDF1 and PBKDF2(PKCS5Derived Key).

Certificate : X.509

Secure random : IBMSecureRandom

Key store : JCEKS, PKCS12KS (PKCS12), JKS

DEBUG org.apache.commons.httpclient.HttpClient - IBMJSSE 1.4: IBM JSSE
provider

DEBUG org.apache.commons.httpclient.HttpClient - IBMCertPath 1.0:
IBMCertPath Provider implements the following:

CertificateFactory : X.509

CertPathValidator : PKIX

CertStore : Collection, LDAP

CertPathBuilder : PKIX

DEBUG org.apache.commons.httpclient.HttpClient - IBMPKCS11 1.2: IBMPKCS11
Provider implements the following: MD2withRSA, MD5withRSA, SHA1withRSA, RSA,
SHA1withDSA)implements the following:

Signature algorithms : SHA1withDSA, SHA1withRSA, MD5withRSA, MD2withRSA

Key (pair) generator : DSA, RSA

Algorithm parameter generator : DSA

Algorithm parameter : DSA

Certificate : X.509

Secure random : IBMSecureRandom

Key store : PKCS11 (PKCS11KS)

DEBUG org.apache.commons.httpclient.methods.GetMethod - enter
GetMethod(String)

DEBUG org.apache.commons.httpclient.HttpClient - enter
HttpClient.executeMethod(HttpMethod)

DEBUG org.apache.commons.httpclient.HttpClient - enter
HttpClient.executeMethod(HostConfiguration,HttpMethod,HttpState)

DEBUG org.apache.commons.httpclient.HttpConnection -
HttpConnection.setSoTimeout(0)

DEBUG org.apache.commons.httpclient.HttpConnection - enter
HttpConnection.open()

DEBUG org.apache.commons.httpclient.HttpConnection - enter
HttpConnection.closeSockedAndStreams()

DEBUG org.apache.commons.httpclient.HttpConnection - enter
HttpConnection.releaseConnection()

java.net.SocketException: Socket closed

at java.net.PlainSocketImpl.socketGetOption(Native Method)

at java.net.PlainSocketImpl.getOption(PlainSocketImpl.java:214)

at java.net.Socket.getSendBufferSize(Socket.java:548)

at
org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:700)

at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:625)

at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:500)

at com.in.laurent.HttpClientTest.main(HttpClientTest.java:62)

Exception in thread "main"



So the IBM implementation is IBMJSSE 1.4 and I will try to investigate with
IBM to solve this issue



Laurent

----- Original Message -----

From: "Kalnichevski, Oleg" <oleg.kalnichevski@bearingpoint.com>
To: "Commons HttpClient Project" <commons-httpclient-dev@jakarta.apache.org>
Cc: <laurent.garcia@integro-networks.com>
Sent: Monday, October 06, 2003 6:21 PM
Subject: RE: IBMJSSE implementation issue


Laurent,

I did some additional research and what I have found seems to only reinforce
my previous assumptions

1.) The problem is perfectly reproducible with IBM JDK and IBM JSSE. There's
no need for WAS.

[DEBUG] HttpClient - -Java version: 1.3.0
[DEBUG] HttpClient - -Java vendor: IBM Corporation
<snip>
[DEBUG] HttpClient - -Operating system name: Windows 2000
[DEBUG] HttpClient - -Operating system architecture: x86
[DEBUG] HttpClient - -Operating system version: 5.0
[DEBUG] HttpClient - -SUN 1.2: SUN (DSA key/parameter generation; DSA
signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore)
[DEBUG] HttpClient - -JSSE 1.0: IBM JSSE provider
[DEBUG] HttpClient - -IBMJCE 1.2: IBMJCE Provider implements the following:
HMAC-SHA1, MD2, MD5, MARS, SHA, MD2withRSA,
<snip>
[DEBUG] HttpConnection - -HttpConnection.setSoTimeout(0)
java.net.SocketException: Socket closed
at java.net.PlainSocketImpl.socketGetOption(Native Method)
at java.net.PlainSocketImpl.getOption(PlainSocketImpl.java:198)
at java.net.Socket.getSendBufferSize(Socket.java:526)
at
org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:700)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:659)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:527)
at org.apache.commons.httpclient.Test.main(Test.java:17)
Exception in thread "main"

2.) Plain socket test worked fine with the same setup.

3.) I think I know why the problem only manifests itself with newer
HttpClient versions

As you can see from the log, something goes wrong when trying to determine
send buffer size of the underlying socket implementation. This clearly looks
like a bug in the IBM JSSE.

Invocation of java.net.Socket.getSendBufferSize is a fairly new addition,
which was not there in late February.

4.) Please make sure that version of IBM JSSE that you have is indeed 1.0.3
or newer. HttpClient has been reported to fail with the similar exception
when run with IBM JSSE 1.0.2 or below. IBM JSSE 1.0.3 appears to have fixed
the aforementioned problem with the send buffer size.

Execute your test application with the debug log enabled and watch for a
similar statement

[DEBUG] HttpClient - -JSSE 1.0: IBM JSSE provider

HTH

Oleg

-----Original Message-----
From: Laurent Garcia [mailto:laurent.garcia@integro-networks.com]
Sent: Monday, October 06, 2003 14:19
To: Commons HttpClient Project
Subject: Re: IBMJSSE implementation issue


Oleg,

I try to disabling stale connection and I have still Socket closed.

I don't want to take your time but you can do a very simple, test  this code
in a servlet with WSAD 5.0 (with the default JSSE)

HttpClient httpclient = new HttpClient();

httpget = new GetMethod("https://www.verisign.com/");

httpclient.executeMethod(httpget);

I assume that I am not the only people that use http-client in a servlet in
WSAD-WAS 5.0 environment.

Laurent



----- Original Message -----
From: "Kalnichevski, Oleg" <oleg.kalnichevski@bearingpoint.com>
To: "Commons HttpClient Project" <commons-httpclient-dev@jakarta.apache.org>
Sent: Monday, October 06, 2003 11:54 AM
Subject: RE: IBMJSSE implementation issue


Laurent,

HttpClient relies on underlying JSSE library to establish SSL connections.
If there's something wrong with SSL, in the overwhelming majority of cases
it has nothing to do with HttpClient as such. Usually SSL problems are
caused by misconfigured JSSE stack.

Please refer to the troubleshooting section of our SSL guide and see if the
plain SSL socket test works for you

http://jakarta.apache.org/commons/httpclient/sslguide.html

Oleg

-----Original Message-----
From: Laurent Garcia [mailto:laurent.garcia@integro-networks.com]
Sent: Monday, October 06, 2003 11:44
To: Commons HttpClient Project
Subject: Re: IBMJSSE implementation issue


Oleg,

Thank you for your (quick) response, I edit the Manifest file (I made a copy
below) and it seems that the version is 1.03

Manifest-Version: 1.0
Created-By: Ant 1.4.1

Name: com/ibm/jsse/ com/ibm/net/ssl/www/ com/ibm/net/ssl/ com/ibm/net/ss
 l/internal/www/protocol/https/ com/ibm/net/ssl/www/protocol/http/ com/i
 bm/net/ssl/www/protocol/https/ com/ibm/pkcs11/ com/ibm/pkcs11/nat/ com/
 ibm/security/cert/ com/ibm/sslight/ com/ibm/sslite/ javax/net/ javax/ne
 t/ssl/ javax/security/cert/
IBM-Reusable-JVM-Compatible: True
Build-Level: -20021008
Implementation-Vendor: IBM Corporation
Implementation-Title: JSSE Package
Implementation-Version: 1.0.3

Laurent


----- Original Message -----
From: "Kalnichevski, Oleg" <oleg.kalnichevski@bearingpoint.com>
To: "Commons HttpClient Project" <commons-httpclient-dev@jakarta.apache.org>
Sent: Monday, October 06, 2003 11:34 AM
Subject: RE: IBMJSSE implementation issue


Laurent,

Make sure that the version of IBMJSSE library WSAD is using is 1.0.3.

Oleg

-----Original Message-----
From: Laurent Garcia [mailto:laurent.garcia@integro-networks.com]
Sent: Monday, October 06, 2003 11:30
To: commons-httpclient-dev@jakarta.apache.org
Subject: IBMJSSE implementation issue


Hi,

I was working with an old commons-httpclient lib (18/2/2003) that work
correctly for https connexion with both SUN adn IBM jsse implemention.

But I just replaced my commons-httpclient  by commons-httpclient-2.0-rc1.jar
and now it is still working with SUN but I have a systematic socked closed
error If I try this code in a sevlet (with WSAD 5.0) :
System.out.println("HttpsTestServlet starting test...");

GetMethod httpget;

try {

HttpClient httpclient = new HttpClient();

httpget = new GetMethod("https://www.verisign.com/");

httpclient.executeMethod(httpget);

System.out.println(httpget.getStatusLine().toString());

} catch (Exception e) {

System.out.println(e);

}

System.out.println("HttpsTestServlet test completed...");

java.net.SocketException: Socket closed

at java.net.PlainSocketImpl.socketGetOption(Native Method)

at java.net.PlainSocketImpl.getOption(PlainSocketImpl.java:214)

at java.net.Socket.getSendBufferSize(Socket.java:548)

at
org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:700)

at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:625)

at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:500)



is it a bug ? or I did something wrong ?

Thank you

Laurent

---------------------------------------------------------------------
To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message