tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kan Ogawa <super-cr...@jcom.home.ne.jp>
Subject Re: JkCoyoteHandler with SSL
Date Sat, 16 Aug 2003 01:24:46 GMT
Look at the bug 15790.
http://issues.apache.org/bugzilla/show_bug.cgi?id=15790

This problem was fixed in 4.1.25 or later.

Ben Sifuentes wrote:
> While using Apache2.0.47 and Tomcat 4.1.24 integrated with JBOSS 3.2.1 on a Win2000 box.
> 
> I get the following exception from the Tomcat JkCoyoteHandler when making a https call
> 
> If I hit the ok button several times when it pops up the Select your Certificate box
in windows it processes the request as you can see by the output I'm able to correctly process
the SSL information being sent across the wire. 
> 
> The Certificate is a pk7 which was built from x509
> 
> Any help with this issue would be greatly appreciated. I've struggled long and hard with
the SSL communication between Apache and Tomcat and it looks like I'm very close to having
it. Except for the following error.
> 
> One last thing:
> mod_sll.so (came with the Apache2.0 distribution)
> mod_jdk_2.0.46.dll
> 
> 
> ============================================================================
> 
> 19:43:29,503 INFO  [Server] JBoss (MX MicroKernel) [3.2.1 (build: CVSTag=JBoss_3
> _2_1 date=200305041533)] Started in 1m:39s:313ms
> 19:44:49,248 ERROR [JkCoyoteHandler] Certificate convertion failed
> java.security.cert.CertificateException: Unable to initialize, java.io.IOExcepti
> on: DerInputStream.getLength(): lengthTag=127, too big.
>         at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:289)
>         at sun.security.provider.X509Factory.engineGenerateCertificate(X509Facto
> ry.java:94)
>         at java.security.cert.CertificateFactory.generateCertificate(Certificate
> Factory.java:389)
>         at org.apache.jk.server.JkCoyoteHandler.action(JkCoyoteHandler.java:395)
> 
>         at org.apache.coyote.Response.action(Response.java:222)
>         at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapte
> r.java:310)
>         at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:22
> 1)
>         at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
> 
>         at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
>         at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604)
>         at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.ja
> va:562)
>         at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679)
>         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
> ool.java:619)
>         at java.lang.Thread.run(Thread.java:536)
> Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=127, too b
> ig.
>         at sun.security.util.DerInputStream.getLength(DerInputStream.java:502)
>         at sun.security.util.DerInputStream.getLength(DerInputStream.java:476)
>         at sun.security.util.DerValue.<init>(DerValue.java:233)
>         at sun.security.util.DerInputStream.getDerValue(DerInputStream.java:358)
> 
>         at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1608)
>         at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:286)
>         ... 13 more
> .
> .
> 19:45:12,001 INFO  [Engine] CoyoteAdapter  Requested cookie session id is 01BD9D
> C9B2EF687EE90F8FAD8147B49F
> 19:45:12,001 ERROR [JkCoyoteHandler] Certificate convertion failed
> java.security.cert.CertificateException: Unable to initialize, java.io.IOExcepti
> on: DerInputStream.getLength(): lengthTag=102, too big.
>         at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:289)
>         at sun.security.provider.X509Factory.engineGenerateCertificate(X509Facto
> ry.java:94)
>         at java.security.cert.CertificateFactory.generateCertificate(Certificate
> Factory.java:389)
>         at org.apache.jk.server.JkCoyoteHandler.action(JkCoyoteHandler.java:395)
> 
>         at org.apache.coyote.Response.action(Response.java:222)
>         at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapte
> r.java:310)
>         at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:22
> 1)
>         at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
> 
>         at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
>         at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604)
>         at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.ja
> va:562)
>         at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679)
>         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
> ool.java:619)
>         at java.lang.Thread.run(Thread.java:536)
> Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=102, too b
> ig.
>         at sun.security.util.DerInputStream.getLength(DerInputStream.java:502)
>         at sun.security.util.DerInputStream.getLength(DerInputStream.java:476)
>         at sun.security.util.DerValue.<init>(DerValue.java:233)
>         at sun.security.util.DerInputStream.getDerValue(DerInputStream.java:358)
> 
>         at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1608)
>         at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:286)
>         ... 13 more
> 
> 19:46:56,281 INFO  [Engine] action: Processing a POST for /logon
> 19:46:56,291 INFO  [Engine] action: Setting locale 'en_US'
> 19:46:56,291 INFO  [Engine] action:  Looking for ActionForm bean under attribute
>  'logon'
> 19:46:56,291 INFO  [Engine] action:  Creating new ActionForm instance of class '
> pro.registrypro.products.ami.form.logonForm'
> 19:46:56,291 INFO  [Engine] action:  Storing instance under attribute 'logon' in
>  scope 'request'
> 19:46:56,291 INFO  [Engine] action:  Populating bean properties from this reques
> t
> 19:46:56,301 INFO  [Engine] action:  Validating input form properties
> 19:46:56,301 INFO  [Engine] action:   No errors detected, accepting input
> 19:46:56,301 INFO  [Engine] action:  Looking for Action instance for class pro.r
> egistrypro.products.ami.action.logonAction
> 19:46:56,301 INFO  [Engine] action:   Double checking for Action instance alread
> y there
> 19:46:56,301 INFO  [Engine] action:   Creating new Action instance
> 19:46:56,361 INFO  [STDOUT] ping: usa-bwdzu56x1fd
> 19:46:56,361 INFO  [STDOUT] ipAddr=10.168.1.61
> 19:46:56,361 INFO  [Engine] action: Begin-Validation
> 19:46:56,361 INFO  [STDOUT] ALRIGHT WE GOT SOMETHING!!!!
> 19:46:56,361 INFO  [STDOUT] [-----BEGIN CERTIFICATE-----
> MIICnTCCAgYCAQEwDQYJKoZIhvcNAQEEBQAwgYwxCzAJBgNVBAYTAlVTMRAwDgYD
> VQQIEwdHZW9yZ2lhMRAwDgYDVQQHEwdBdGxhbnRhMRQwEgYDVQQKEwtSZWdpc3Ry
> eVBybzEMMAoGA1UECxMDRGV2MRIwEAYDVQQDEwkxMjcuMC4wLjExITAfBgkqhkiG
> 9w0BCQEWEnJ3a2FzdGVuQG54anF6LmNvbTAeFw0wMzA4MTQxNDI4NTRaFw0wNDA4
> MTMxNDI4NTRaMIGgMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHR2VvcmdpYTEQMA4G
> A1UEBxMHQXRsYW50YTEUMBIGA1UEChMLUmVnaXN0cnlQcm8xDDAKBgNVBAsTA0Rl
> djEnMCUGA1UEAxMeVGVzdCBDbGllbnQgQ2VydCBmb3IgMTI3LjAuMC4xMSAwHgYJ
> KoZIhvcNAQkBFhFyd2thc3RlbkB4anF6LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
> jQAwgYkCgYEAz6vkmB63Q69eZDWkdWoO+bHNRu4vLQVLl/arA8W1aw7gpXrtQn19
> Bw0DIhp2OCIDOixoF6Oq3tfAz5agFcj1haRGCjtI4GlgiuIgM2bN1EuW3pbdwmtE
> 3jv3qKbMNn5M124Usn/seUn1DlMkv7+7AdDVjZz36zoMmZqaVjoSSdUCAwEAATAN
> BgkqhkiG9w0BAQQFAAOBgQALS8XG/3RL/F6K7Ytf5CF7du5Ip199TdI9FSrUcbGY
> JiS9pGlxuhJwd3c5L8A+IuN9gai5FnITnsoBHn4S3a89FxSEeqW4kAno8PWVUBeN
> KjZiHGHMiyok8h9CWZPv4CDtcLvP3jpoIEgkROs0wnfdOdwK2FyCHj2QuMc3iioO
> gA==
> -----END CERTIFICATE-----
> ]
> 19:46:56,371 INFO  [STDOUT] ---Certificate---
> 19:46:56,371 INFO  [STDOUT] type = X.509
> 19:46:56,371 INFO  [STDOUT] version = 1
> 19:46:56,371 INFO  [STDOUT] subject = EMAILADDRESS=rwkasten@xjqz.com, CN=Test Cl
> ient Cert for 127.0.0.1, OU=Dev, O=RegistryPro, L=Atlanta, ST=Georgia, C=US
> 19:46:56,371 INFO  [STDOUT] valid from = Thu Aug 14 10:28:54 EDT 2003
> 19:46:56,371 INFO  [STDOUT] valid to = Fri Aug 13 10:28:54 EDT 2004
> 19:46:56,371 INFO  [STDOUT] serial number = 1
> 19:46:56,371 INFO  [STDOUT] issuer = EMAILADDRESS=rwkasten@nxjqz.com, CN=127.0.0
> .1, OU=Dev, O=RegistryPro, L=Atlanta, ST=Georgia, C=US
> 19:46:56,371 INFO  [STDOUT] signing algorithm = MD5withRSA
> 19:46:56,381 INFO  [STDOUT] public key algorithm = RSA
> 19:46:56,381 INFO  [STDOUT] ---Extensions---
> 19:46:56,381 INFO  [STDOUT] ---
> 19:46:56,381 INFO  [Engine] action: End Loop....
> 19:46:56,381 INFO  [STDOUT] AmiDelegator.checkuser
> 19:46:56,621 INFO  [STDOUT] DataBean context set
> 19:46:56,651 INFO  [STDOUT] Ami.props
> 19:46:56,681 INFO  [STDOUT] uservo=UserVO:
>  login:rpro-developer::: pass-admin::: certid-1::: ip-10.168.1.61::: newpass-nul
> l::: sid-null::: role-null
> 19:46:57,102 INFO  [STDOUT] eppRes=(message = Wrong certificate ID), (code = 220
> 0), (tid = 14854711)
> 19:46:57,102 INFO  [STDOUT] sid=null## role=null
> 19:46:57,112 INFO  [STDOUT] code=2200
> 19:46:57,112 INFO  [STDOUT] message=Wrong certificate ID
> 19:46:57,112 INFO  [STDOUT] sid=null
> 19:46:57,112 INFO  [STDOUT] UserBean removed
> 19:46:57,112 INFO  [Engine] action: logon: Got UserException- 'Wrong certificate
>  ID' on session 01BD9DC9B2EF687EE90F8FAD8147B49F
> 19:46:57,122 INFO  [STDOUT] 1
> 19:46:57,122 INFO  [STDOUT] error=org.apache.struts.action.ActionErrors@119fc9e
> 19:46:57,162 ERROR [JkCoyoteHandler] Certificate convertion failed
> 

-- 
Kan Ogawa
super-creek@jcom.home.ne.jp


Mime
View raw message