qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rajika Kumarasiri <raj...@wso2.com>
Subject Re: Timed out occurs when connecting to Java broker over SSL
Date Mon, 07 Feb 2011 10:57:56 GMT
FYI,
Here are the javax.net.debug out put for client and server respectively.  It
seems the client hasn't received the response send by the server for Hello
(although the server has responded with it). I am going to take a look at
the source.

Rajika

***
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1297010140 bytes = { 210, 134, 23, 64, 22, 110, 36, 186,
176, 47, 47, 126, 40, 148, 193, 61, 218, 147, 10, 72, 114, 176, 157, 104,
159, 94, 115, 98 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 79
main, WRITE: SSLv2 client hello message, length = 107


--------------------------------------------------------------------------------


adding as trusted cert:
  Subject: CN=hostname, OU=OrgUnit, O=Org, L=City, C=US
  Issuer:  CN=hostname, OU=OrgUnit, O=Org, L=City, C=US
  Algorithm: RSA; Serial number: 0x4d4fcc9f
  Valid from Mon Feb 07 16:12:39 IST 2011 until Tue Feb 07 16:12:39 IST 2012

***
found key for : qpidbroker
chain [0] = [
[
  Version: V3
  Subject: CN=hostname, OU=OrgUnit, O=Org, L=City, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus:
90202010495813129801355696552147551319218090933186512545151970006023833609194939612689793775740636125148038450265540004140860116789297132169710592864550640661158734966881541416487692973317054141180229008140221405418079554944704268557560727421973675580616882262691822711573548178059111204454321215371014260577
  public exponent: 65537
  Validity: [From: Mon Feb 07 16:12:39 IST 2011,
               To: Tue Feb 07 16:12:39 IST 2012]
  Issuer: CN=hostname, OU=OrgUnit, O=Org, L=City, C=US
  SerialNumber: [    4d4fcc9f]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 41 C9 5C 53 30 AA 06 34   11 79 66 32 27 C1 91 77  A.\S0..4.yf2'..w
0010: E8 65 21 AF 56 63 9F 86   C4 CC 84 4F E0 AD DE 4F  .e!.Vc.....O...O
0020: 06 7F C7 3B EB DA C9 78   E9 DC 4D AC 56 DD 92 BE  ...;...x..M.V...
0030: D4 DD 3A 09 D1 C5 46 C8   73 12 6A E5 D6 98 AC E9  ..:...F.s.j.....
0040: 16 95 5B 51 29 E8 97 1B   27 95 6E 0B 90 B9 3C 3C  ..[Q)...'.n...<<
0050: 4D 69 5F B8 D6 01 D1 97   75 17 EF B2 75 12 8B 48  Mi_.....u...u..H
0060: 1D C5 DE 83 F9 FD FD 35   83 DF E4 5E 68 5E 65 09  .......5...^h^e.
0070: 43 47 73 B8 27 D2 BB 8C   8F 16 EE 0A D3 68 90 96  CGs.'........h..

]
***
trigger seeding of SecureRandom
done seeding SecureRandom










On Sun, Feb 6, 2011 at 8:06 PM, Rajika Kumarasiri <rajika@wso2.com> wrote:

> I have configured a sample Java Qpid client talk to Qpid java broker ( 0.9)
> over SSL. I have provided the required keystore/truststore files and the
> required passwords correctly. When the client tries to connect to the broker
> it receives the following timed out error. I try increasing the time out (
> by increasing the a value to the system property qpid.ssl_timeout) of the
> SSLSender but that didn't help. Any help is greatly appreciated. I am
> looking into the javax.net.debug logs right now, if you  think that'll help
> I can post them as well.
> Is there any other kind of logging that I can enable to get more
> information ?
>
> BTW, I also notice that the keystore file and the keystore password given
> through the connection url actually transmitted into the truststore
> file+password combination, so I had to pass keystore file and the password
> as system properties.
>
> Rajika
>
>
> [2011-02-06 20:02:56,327] ERROR
> {org.apache.axis2.transport.base.threads.NativeWorkerPool} -  Uncaught
> exception
> org.apache.axis2.transport.jms.AxisJMSException: Error acquiring a JMS
> connection to : QueueConnectionFactory using JNDI properties :
> {java.naming.factory.initial=org.apache.qpid.jndi.PropertiesFileInitialContextFactory,
> transport.jms.Password=admin,
> java.naming.provider.url=repository/conf/csg-qpid.properties,
> transport.jms.ConnectionFactory=SimpleStockQuoteServiceQueueConnectionFactory,
> transport.jms.UserName=admin, transport.jms.ConnectionFactoryType=queue,
> ServiceClass=samples.services.SimpleStockQuoteService}
>     at
> org.apache.axis2.transport.jms.ServiceTaskManager.handleException(ServiceTaskManager.java:980)
>     at
> org.apache.axis2.transport.jms.ServiceTaskManager.access$700(ServiceTaskManager.java:50)
>     at
> org.apache.axis2.transport.jms.ServiceTaskManager$MessageListenerTask.createConnection(ServiceTaskManager.java:815)
>     at
> org.apache.axis2.transport.jms.ServiceTaskManager$MessageListenerTask.getConnection(ServiceTaskManager.java:686)
>     at
> org.apache.axis2.transport.jms.ServiceTaskManager$MessageListenerTask.receiveMessage(ServiceTaskManager.java:484)
>     at
> org.apache.axis2.transport.jms.ServiceTaskManager$MessageListenerTask.run(ServiceTaskManager.java:412)
>     at
> org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:173)
>     at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>     at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>     at java.lang.Thread.run(Thread.java:619)
> Caused by: javax.jms.JMSException: Error creating connection: SSL Engine
> timed out waiting for a response.To get more info,run with
> -Djavax.net.debug=ssl
>     at
> org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:326)
>     at
> org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:297)
>     at
> org.apache.axis2.transport.jms.JMSUtils.createConnection(JMSUtils.java:552)
>     at
> org.apache.axis2.transport.jms.ServiceTaskManager$MessageListenerTask.createConnection(ServiceTaskManager.java:804)
>     ... 7 more
> Caused by: org.apache.qpid.AMQConnectionFailureException: SSL Engine timed
> out waiting for a response.To get more info,run with -Djavax.net.debug=ssl
>     at org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:620)
>     at
> org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:317)
>     ... 10 more
> Caused by: org.apache.qpid.transport.SenderException: SSL Engine timed out
> waiting for a response.To get more info,run with -Djavax.net.debug=ssl
>     at
> org.apache.qpid.transport.network.security.ssl.SSLSender.send(SSLSender.java:227)
>     at
> org.apache.qpid.transport.network.security.ssl.SSLSender.send(SSLSender.java:36)
>     at
> org.apache.qpid.transport.network.Disassembler.init(Disassembler.java:158)
>     at
> org.apache.qpid.transport.network.Disassembler.init(Disassembler.java:49)
>     at
> org.apache.qpid.transport.ProtocolHeader.delegate(ProtocolHeader.java:105)
>     at
> org.apache.qpid.transport.network.Disassembler.send(Disassembler.java:81)
>     at
> org.apache.qpid.transport.network.Disassembler.send(Disassembler.java:49)
>     at org.apache.qpid.transport.Connection.send(Connection.java:360)
>     at org.apache.qpid.transport.Connection.connect(Connection.java:238)
>     at
> org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:164)
>     at
> org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:761)
>     at org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:547)
>     ... 11 more
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message