qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vavricka <vavricka.to...@gmail.com>
Subject Re: [Java Broker] Select certificate from broker keystore
Date Fri, 16 Mar 2018 07:55:34 GMT
Hi,

thanks for quick reply. We are eager for Java Broker 7.0.3.

Regards,
Tomas


Keith Wall wrote
> Hi Tomas,
> 
> It should not be too hard to separate out a defect fix from the work
> of QPID-7567.   I will look to include this in a 7.0.3 which should
> not be too far away.
> 
> Kind regards, Keith.
> 
> On 15 March 2018 at 17:06, Rob Godfrey &lt;

> rob.j.godfrey@

> &gt; wrote:
>> Hi Tomas,
>>
>> there is/was a bug in the broker whereby it would always pick the first
>> certificate rather than the one with the correct alias.  I fixed the bug
>> as
>> part of QPID-7567[1] last year, however I think that is only on master
>> (and
>> scheduled for 7.1) and hasn't been backported to 7.0.x.
>>
>> -- Rob
>>
>> [1] https://issues.apache.org/jira/browse/QPID-7567
>>
>> On 15 March 2018 at 15:03, Vavricka &lt;

> vavricka.tomas@

> &gt; wrote:
>>
>>> Hi,
>>>
>>> *I generate multiple self-signed certificates by:*
>>>
>>> keytool -genkeypair -alias pc18379_1 -dname CN=pc18379 -validity 1096
>>> -keysize 2048 -keyalg RSA -sigalg SHA512withRSA -keypass '123456'
>>> -storepass
>>> 123456 -deststoretype PKCS12 -keystore pc18379_1.jks
>>> keytool -genkeypair -alias pc18379_2 -dname CN=pc18379 -validity 1096
>>> -keysize 2048 -keyalg RSA -sigalg SHA512withRSA -keypass '123456'
>>> -storepass
>>> 123456 -deststoretype PKCS12 -keystore pc18379_2.jks
>>> keytool -genkeypair -alias pc18379_3 -dname CN=pc18379 -validity 1096
>>> -keysize 2048 -keyalg RSA -sigalg SHA512withRSA -keypass '123456'
>>> -storepass
>>> 123456 -deststoretype PKCS12 -keystore pc18379_3.jks
>>>
>>> Each generated keypair has own keystore.
>>>
>>> *I export private keys to keystore which broker will use by:*
>>>
>>> keytool -importkeystore -srckeystore pc18379_1.jks -srcstoretype PKCS12
>>> -storepass '123456' -srcstorepass '123456' -alias pc18379_1
>>> -deststoretype
>>> PKCS12 -destkeystore keystore
>>> keytool -importkeystore -srckeystore pc18379_2.jks -srcstoretype PKCS12
>>> -storepass '123456' -srcstorepass '123456' -alias pc18379_2
>>> -deststoretype
>>> PKCS12 -destkeystore keystore
>>> keytool -importkeystore -srckeystore pc18379_3.jks -srcstoretype PKCS12
>>> -storepass '123456' -srcstorepass '123456' -alias pc18379_3
>>> -deststoretype
>>> PKCS12 -destkeystore keystore
>>>
>>> *I export public certificates by:*
>>>
>>> keytool -exportcert -keystore pc18379_1.jks -storepass '123456' -alias
>>> pc18379_1 -rfc -file pc18379_1.crt
>>> keytool -exportcert -keystore pc18379_2.jks -storepass '123456' -alias
>>> pc18379_2 -rfc -file pc18379_2.crt
>>> keytool -exportcert -keystore pc18379_3.jks -storepass '123456' -alias
>>> pc18379_3 -rfc -file pc18379_3.crt
>>>
>>> *I create truststores for clients by:*
>>>
>>> keytool -import -alias pc18379_1 -file pc18379_1.crt -storepass '123456'
>>> -noprompt -deststoretype PKCS12 -keystore pc18379_1.truststore
>>> keytool -import -alias pc18379_2 -file pc18379_2.crt -storepass '123456'
>>> -noprompt -deststoretype PKCS12 -keystore pc18379_2.truststore
>>> keytool -import -alias pc18379_3 -file pc18379_3.crt -storepass '123456'
>>> -noprompt -deststoretype PKCS12 -keystore pc18379_3.truststore
>>>
>>> *List of certificates in "keystore" (keystore broker will use)*
>>>
>>> Enter keystore password:
>>> Keystore type: JKS
>>> Keystore provider: SUN
>>>
>>> Your keystore contains 3 entries
>>>
>>> Alias name: pc18379_1
>>> Creation date: Mar 15, 2018
>>> Entry type: PrivateKeyEntry
>>> Certificate chain length: 1
>>> Certificate[1]:
>>> Owner: CN=pc18379
>>> Issuer: CN=pc18379
>>> Serial number: 54f1c168
>>> Valid from: Thu Mar 15 14:05:07 CET 2018 until: Mon Mar 15 14:05:07 CET
>>> 2021
>>> Certificate fingerprints:
>>>          MD5:  60:6C:94:B6:5D:18:C3:AC:89:56:3F:A9:A2:70:83:37
>>>          SHA1:
>>> 0D:D4:14:24:E6:92:35:B7:5B:A3:71:A7:BF:45:B3:6C:37:65:7F:4E
>>>          SHA256:
>>> 79:F0:77:65:27:93:5C:D0:55:73:42:B6:2D:4E:75:94:9A:64:6A:35:
>>> 7C:12:4F:B0:CD:82:D7:89:96:8F:88:59
>>> Signature algorithm name: SHA512withRSA
>>> Subject Public Key Algorithm: 2048-bit RSA key
>>> Version: 3
>>>
>>> Extensions:
>>>
>>> #1: ObjectId: 2.5.29.14 Criticality=false
>>> SubjectKeyIdentifier [
>>> KeyIdentifier [
>>> 0000: 87 A5 26 94 CC 30 E8 63   66 61 87 1A 83 29 E7 63 
>>> ..&..0.cfa...).c
>>> 0010: EE 16 2D B6                                        ..-.
>>> ]
>>> ]
>>>
>>>
>>>
>>> *******************************************
>>> *******************************************
>>>
>>>
>>> Alias name: pc18379_2
>>> Creation date: Mar 15, 2018
>>> Entry type: PrivateKeyEntry
>>> Certificate chain length: 1
>>> Certificate[1]:
>>> Owner: CN=pc18379
>>> Issuer: CN=pc18379
>>> Serial number: 23e58c32
>>> Valid from: Thu Mar 15 14:06:38 CET 2018 until: Mon Mar 15 14:06:38 CET
>>> 2021
>>> Certificate fingerprints:
>>>          MD5:  15:71:70:31:43:11:D9:15:3B:5B:E7:F0:DD:AB:96:DB
>>>          SHA1:
>>> D6:37:E3:4B:75:C7:9E:4B:D2:92:5C:50:92:DB:71:17:BE:58:FC:2F
>>>          SHA256:
>>> 52:88:88:AA:AE:C3:68:88:02:4D:CA:4E:32:76:DF:98:09:B9:03:9A:
>>> AB:3E:C1:CF:69:6C:B2:B2:97:D8:87:ED
>>> Signature algorithm name: SHA512withRSA
>>> Subject Public Key Algorithm: 2048-bit RSA key
>>> Version: 3
>>>
>>> Extensions:
>>>
>>> #1: ObjectId: 2.5.29.14 Criticality=false
>>> SubjectKeyIdentifier [
>>> KeyIdentifier [
>>> 0000: 97 0A 71 24 FA C9 EB 52   72 D8 30 AC 46 FA 87 02 
>>> ..q$...Rr.0.F...
>>> 0010: 28 63 A8 D8                                        (c..
>>> ]
>>> ]
>>>
>>>
>>>
>>> *******************************************
>>> *******************************************
>>>
>>>
>>> Alias name: pc18379_3
>>> Creation date: Mar 15, 2018
>>> Entry type: PrivateKeyEntry
>>> Certificate chain length: 1
>>> Certificate[1]:
>>> Owner: CN=pc18379
>>> Issuer: CN=pc18379
>>> Serial number: 4c6d4854
>>> Valid from: Thu Mar 15 14:06:44 CET 2018 until: Mon Mar 15 14:06:44 CET
>>> 2021
>>> Certificate fingerprints:
>>>          MD5:  CC:FD:D2:DA:38:A1:0F:3E:B1:6D:A3:62:65:D0:E3:82
>>>          SHA1:
>>> EE:37:84:C3:8E:B1:42:06:32:07:A4:CF:F0:EA:39:E7:3D:9F:3B:4F
>>>          SHA256:
>>> 18:D4:41:2D:40:F1:19:35:68:6A:90:A3:2D:8A:64:4D:AC:1E:30:DF:
>>> 48:C9:13:F1:92:EF:A2:02:8B:B9:D3:B7
>>> Signature algorithm name: SHA512withRSA
>>> Subject Public Key Algorithm: 2048-bit RSA key
>>> Version: 3
>>>
>>> Extensions:
>>>
>>> #1: ObjectId: 2.5.29.14 Criticality=false
>>> SubjectKeyIdentifier [
>>> KeyIdentifier [
>>> 0000: CE 2A EE 5D B0 4A DE AA   47 97 A1 B2 70 14 9A 0A 
>>> .*.].J..G...p...
>>> 0010: BE 4F 84 87                                        .O..
>>> ]
>>> ]
>>>
>>>
>>>
>>> *******************************************
>>> *******************************************
>>>
>>>
>>> *I have keystore configured like (alias set to pc18379_1) in
>>> config.json*
>>>
>>> "keystores" : [ {
>>>     "id" : "7eaa413b-0759-4552-b962-8393f492bed5",
>>>     "name" : "keyStore",
>>>     "type" : "FileKeyStore",
>>>     "certificateAlias" : "pc18379_1",
>>>     "keyStoreType" : "pkcs12",
>>>     "password" : "123456",
>>>     "storeUrl" : "path_to/keystore",
>>>     "lastUpdatedBy" : "admin",
>>>     "lastUpdatedTime" : 1521120324562,
>>>     "createdBy" : null,
>>>     "createdTime" : 1520409258289
>>>   }
>>>
>>> But when I try to connect it seems server always offers certificate with
>>> alias pc18379_2 (according to certificate serial number).
>>>
>>> *Part of client output with ssl debug below *
>>>
>>> ***
>>> adding as trusted cert:
>>>   Subject: CN=pc18379
>>>   Issuer:  CN=pc18379
>>>   Algorithm: RSA; Serial number: 0x54f1c168
>>>   Valid from Thu Mar 15 14:05:07 CET 2018 until Mon Mar 15 14:05:07 CET
>>> 2021
>>>
>>> trigger seeding of SecureRandom
>>> done seeding SecureRandom
>>> Using SSLEngineImpl.
>>> Allow unsafe renegotiation: false
>>> Allow legacy hello messages: true
>>> Is initial handshake: true
>>> Is secure renegotiation: false
>>> Ignoring unsupported cipher suite:
>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>>> for TLSv1
>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>>> for
>>> TLSv1
>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for
>>> TLSv1
>>> Ignoring unsupported cipher suite:
>>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>>> for TLSv1
>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>>> for
>>> TLSv1
>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>>> for
>>> TLSv1
>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>>> for
>>> TLSv1
>>> Ignoring unsupported cipher suite:
>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>>> for TLSv1.1
>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>>> for
>>> TLSv1.1
>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for
>>> TLSv1.1
>>> Ignoring unsupported cipher suite:
>>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>>> for TLSv1.1
>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>>> for
>>> TLSv1.1
>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>>> for
>>> TLSv1.1
>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>>> for
>>> TLSv1.1
>>> %% No cached client session
>>> *** ClientHello, TLSv1.2
>>> RandomCookie:  GMT: 1504343366 bytes = { 242, 16, 210, 94, 238, 136,
>>> 192,
>>> 81, 81, 214, 102, 58, 118, 26, 105, 92, 227, 208, 129, 50, 61, 64, 149,
>>> 184,
>>> 63, 8, 156, 167 }
>>> Session ID:  {}
>>> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
>>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>>> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
>>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
>>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
>>> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
>>> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
>>> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
>>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
>>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
>>> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
>>> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
>>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
>>> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_
>>> GCM_SHA256,
>>> TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
>>> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
>>> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_
>>> CBC_SHA,
>>> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
>>> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
>>> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
>>> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
>>> TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
>>> Compression Methods:  { 0 }
>>> Extension elliptic_curves, curve names: {secp256r1, secp384r1,
>>> secp521r1,
>>> sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1,
>>> secp256k1}
>>> Extension ec_point_formats, formats: [uncompressed]
>>> Extension signature_algorithms, signature_algorithms: SHA512withECDSA,
>>> SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
>>> SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA,
>>> SHA224withDSA,
>>> SHA1withECDSA, SHA1withRSA, SHA1withDSA
>>> Extension extended_master_secret
>>> ***
>>> epollEventLoopGroup-2-1, WRITE: TLSv1.2 Handshake, length = 213
>>> epollEventLoopGroup-2-1, READ: TLSv1.2 Handshake, length = 1181
>>> *** ServerHello, TLSv1.2
>>> RandomCookie:  GMT: 1504343366 bytes = { 34, 240, 18, 201, 166, 150,
>>> 106,
>>> 20, 7, 238, 118, 230, 164, 241, 16, 205, 144, 166, 225, 15, 198, 46,
>>> 255,
>>> 202, 105, 76, 188, 245 }
>>> Session ID:  {90, 170, 117, 70, 148, 189, 188, 50, 181, 3, 51, 89, 233,
>>> 185,
>>> 36, 131, 116, 25, 85, 242, 62, 233, 49, 26, 251, 189, 219, 18, 78, 95,
>>> 78,
>>> 192}
>>> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>>> Compression Method: 0
>>> Extension renegotiation_info, renegotiated_connection: 
> <empty>
>>> Extension extended_master_secret
>>> ***
>>> %% Initialized:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
>>> ** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>>> *** Certificate chain
>>> chain [0] = [
>>> [
>>>   Version: V3
>>>   Subject: CN=pc18379
>>>   Signature Algorithm: SHA512withRSA, OID = 1.2.840.113549.1.1.13
>>>
>>>   Key:  Sun RSA public key, 2048 bits
>>>   modulus:
>>> 165438698110777102574935180066646178230189714551405711000916
>>> 502231729221499168988929095436092143629756893423630326110074
>>> 611129606788770716290100233694798872132130313346237270268074
>>> 600727967433242271462965976511106532762191403789966800934214
>>> 703128344239387335255206277776901505998285012989408302330099
>>> 101903223715581339670048094254818467715367589045654455766621
>>> 391363764385129266254840326773292376711967879512715408835168
>>> 905677748756299230477536746741007092191896220734233520322065
>>> 536695611138534864481068128580398582561034709070229388393652
>>> 615212670230082739228411698920125306860255123140496291356609
>>> 48872714396612667
>>>   public exponent: 65537
>>>   Validity: [From: Thu Mar 15 14:06:38 CET 2018,
>>>                To: Mon Mar 15 14:06:38 CET 2021]
>>>   Issuer: CN=pc18379
>>>   SerialNumber: [    23e58c32]
>>>
>>> Certificate Extensions: 1
>>> [1]: ObjectId: 2.5.29.14 Criticality=false
>>> SubjectKeyIdentifier [
>>> KeyIdentifier [
>>> 0000: 97 0A 71 24 FA C9 EB 52   72 D8 30 AC 46 FA 87 02 
>>> ..q$...Rr.0.F...
>>> 0010: 28 63 A8 D8                                        (c..
>>> ]
>>> ]
>>>
>>> ]
>>>   Algorithm: [SHA512withRSA]
>>>   Signature:
>>> 0000: 5B E5 5C 5E FE B7 1E 7C   32 B5 F8 22 A2 4A 37 5A 
>>> [.\^....2..".J7Z
>>> 0010: 82 19 72 71 DE 65 00 05   56 6F 85 DD A3 EF BA 3C 
>>> ..rq.e..Vo.....<
>>> 0020: 7F 1E 90 A3 26 6B 18 4D   F7 79 59 92 A0 6D 53 06 
>>> ....&k.M.yY..mS.
>>> 0030: 38 C4 47 A1 CC D1 D1 D3   64 8E D2 13 F1 4D C1 EB 
>>> 8.G.....d....M..
>>> 0040: C2 F4 57 2A 9C 90 F9 3B   5B F8 72 C5 37 9E 09 57 
>>> ..W*...;[.r.7..W
>>> 0050: FB 33 2C 00 70 22 82 94   27 E1 F4 9D 0E A5 76 77 
>>> .3,.p"..'.....vw
>>> 0060: 7C C1 02 E7 B3 7A 13 C4   CE F4 62 9E 3E 1F FA F6 
>>> .....z....b.>...
>>> 0070: 6C BD 2C AE 53 2C 6D 9E   BC 21 50 46 44 85 B5 62 
>>> l.,.S,m..!PFD..b
>>> 0080: 0F 11 23 60 9D 48 F2 41   7D BD 30 23 0E 21 D5 A7 
>>> ..#`.H.A..0#.!..
>>> 0090: 30 E7 E4 33 0C 7D 0B 8A   EA 2D 30 6C 25 ED D3 2A 
>>> 0..3.....-0l%..*
>>> 00A0: 79 E7 9E 6C 1C C5 D0 D7   25 AF B7 A6 BD D1 C4 21 
>>> y..l....%......!
>>> 00B0: 11 91 6E 8A BA 9F E9 47   B4 09 65 10 28 49 A5 1E 
>>> ..n....G..e.(I..
>>> 00C0: 77 6A 5B 62 8C 01 FA E2   F1 22 46 E2 0C D8 5F DF 
>>> wj[b....."F..._.
>>> 00D0: 71 E5 51 52 73 DD FB 70   3C 42 61 08 F7 30 84 7E  q.QRs..p
> <Ba..0..
>>
>> 00E0: 68 3B A1 FC 8F F4 72 DD   91 38 C5 4D 8F ED D5 69  h;....r..8.M...i
>>> 00F0: 25 A7 3C 4F 51 20 48 22   1C F7 18 63 A4 18 73 A0  %.
> <OQ H"...c..s.
>>
>>
>>> ]
>>> ***
>>> epollEventLoopGroup-2-1, fatal error: 46: General SSLEngine problem
>>> sun.security.validator.ValidatorException: PKIX path validation failed:
>>> java.security.cert.CertPathValidatorException: signature check failed
>>> %% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
>>> epollEventLoopGroup-2-1, SEND TLSv1.2 ALERT:  fatal, description =
>>> certificate_unknown
>>> epollEventLoopGroup-2-1, WRITE: TLSv1.2 Alert, length = 2
>>> epollEventLoopGroup-2-1, fatal: engine already closed.  Rethrowing
>>> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>>> epollEventLoopGroup-2-1, called closeOutbound()
>>> epollEventLoopGroup-2-1, closeOutboundInternal()
>>> epollEventLoopGroup-2-1, called closeInbound()
>>> epollEventLoopGroup-2-1, fatal: engine already closed.  Rethrowing
>>> javax.net.ssl.SSLException: Inbound closed before receiving peer's
>>> close_notify: possible truncation attack?
>>> epollEventLoopGroup-2-1, called closeOutbound()
>>> epollEventLoopGroup-2-1, closeOutboundInternal()
>>> epollEventLoopGroup-2-1, called closeInbound()
>>> epollEventLoopGroup-2-1, closeInboundInternal()
>>>
>>> Even when certificate alias in java broker keystore configuration is set
>>> to
>>> pc18379_1 (serial number - 54f1c168), java broker always offers
>>> certificate
>>> with alias pc18379_2 (serial number - 23e58c32).
>>>
>>> Am I doing anything wrong?
>>>
>>> Java Broker version 7.0.1
>>> Qpid JMS client version 0.27.0
>>>
>>> Regards,
>>> Tomas
>>>
>>>
>>>
>>> --
>>> Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-
>>> f2158936.html
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: 

> users-unsubscribe@.apache

>>> For additional commands, e-mail: 

> users-help@.apache

>>>
>>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: 

> users-unsubscribe@.apache

> For additional commands, e-mail: 

> users-help@.apache





--
Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message