From: Kan Ogawa
To: Tomcat Developers List
Subject: Re: JkCoyoteHandler with SSL
Date: Sat, 16 Aug 2003 10:24:46 +0900
Message-ID: <3F3D87DE.9030207@jcom.home.ne.jp>
References: <005101c3638f$bf4fff70$3d01a80a@usabwdzu56x1fd>

Look at the bug 15790.
http://issues.apache.org/bugzilla/show_bug.cgi?id=15790

This problem was fixed in 4.1.25 or later.

Ben Sifuentes wrote:
> While using Apache2.0.47 and Tomcat 4.1.24 integrated with JBOSS 3.2.1 on a Win2000 box.
>
> I get the following exception from the Tomcat JkCoyoteHandler when making a https call
>
> If I hit the ok button several times when it pops up the Select your Certificate box in windows it processes the request as you can see by the output I'm able to correctly process the SSL information being sent across the wire.
>
> The Certificate is a pk7 which was built from x509
>
> Any help with this issue would be greatly appreciated. I've struggled long and hard with the SSL communication between Apache and Tomcat and it looks like I'm very close to having it.
> Except for the following error.
>
> One last thing:
> mod_sll.so (came with the Apache2.0 distribution)
> mod_jdk_2.0.46.dll
>
>
> ============================================================================
>
> 19:43:29,503 INFO [Server] JBoss (MX MicroKernel) [3.2.1 (build: CVSTag=JBoss_3_2_1 date=200305041533)] Started in 1m:39s:313ms
> 19:44:49,248 ERROR [JkCoyoteHandler] Certificate convertion failed
> java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
>     at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:289)
>     at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:94)
>     at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:389)
>     at org.apache.jk.server.JkCoyoteHandler.action(JkCoyoteHandler.java:395)
>     at org.apache.coyote.Response.action(Response.java:222)
>     at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:310)
>     at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
>     at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
>     at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
>     at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604)
>     at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:562)
>     at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679)
>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
>     at java.lang.Thread.run(Thread.java:536)
> Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
>     at sun.security.util.DerInputStream.getLength(DerInputStream.java:502)
>     at sun.security.util.DerInputStream.getLength(DerInputStream.java:476)
>     at sun.security.util.DerValue.<init>(DerValue.java:233)
>     at sun.security.util.DerInputStream.getDerValue(DerInputStream.java:358)
>     at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1608)
>     at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:286)
>     ... 13 more
> .
> .
> 19:45:12,001 INFO [Engine] CoyoteAdapter Requested cookie session id is 01BD9DC9B2EF687EE90F8FAD8147B49F
> 19:45:12,001 ERROR [JkCoyoteHandler] Certificate convertion failed
> java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): lengthTag=102, too big.
>     at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:289)
>     at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:94)
>     at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:389)
>     at org.apache.jk.server.JkCoyoteHandler.action(JkCoyoteHandler.java:395)
>     at org.apache.coyote.Response.action(Response.java:222)
>     at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:310)
>     at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
>     at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
>     at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
>     at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604)
>     at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:562)
>     at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679)
>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
>     at java.lang.Thread.run(Thread.java:536)
> Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=102, too big.
>     at sun.security.util.DerInputStream.getLength(DerInputStream.java:502)
>     at sun.security.util.DerInputStream.getLength(DerInputStream.java:476)
>     at sun.security.util.DerValue.<init>(DerValue.java:233)
>     at sun.security.util.DerInputStream.getDerValue(DerInputStream.java:358)
>     at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1608)
>     at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:286)
>     ... 13 more
>
> 19:46:56,281 INFO [Engine] action: Processing a POST for /logon
> 19:46:56,291 INFO [Engine] action: Setting locale 'en_US'
> 19:46:56,291 INFO [Engine] action: Looking for ActionForm bean under attribute 'logon'
> 19:46:56,291 INFO [Engine] action: Creating new ActionForm instance of class 'pro.registrypro.products.ami.form.logonForm'
> 19:46:56,291 INFO [Engine] action: Storing instance under attribute 'logon' in scope 'request'
> 19:46:56,291 INFO [Engine] action: Populating bean properties from this request
> 19:46:56,301 INFO [Engine] action: Validating input form properties
> 19:46:56,301 INFO [Engine] action: No errors detected, accepting input
> 19:46:56,301 INFO [Engine] action: Looking for Action instance for class pro.registrypro.products.ami.action.logonAction
> 19:46:56,301 INFO [Engine] action: Double checking for Action instance already there
> 19:46:56,301 INFO [Engine] action: Creating new Action instance
> 19:46:56,361 INFO [STDOUT] ping: usa-bwdzu56x1fd
> 19:46:56,361 INFO [STDOUT] ipAddr=10.168.1.61
> 19:46:56,361 INFO [Engine] action: Begin-Validation
> 19:46:56,361 INFO [STDOUT] ALRIGHT WE GOT SOMETHING!!!!
> 19:46:56,361 INFO [STDOUT] [-----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> ]
> 19:46:56,371 INFO [STDOUT] ---Certificate---
> 19:46:56,371 INFO [STDOUT] type = X.509
> 19:46:56,371 INFO [STDOUT] version = 1
> 19:46:56,371 INFO [STDOUT] subject = EMAILADDRESS=rwkasten@xjqz.com, CN=Test Client Cert for 127.0.0.1, OU=Dev, O=RegistryPro, L=Atlanta, ST=Georgia, C=US
> 19:46:56,371 INFO [STDOUT] valid from = Thu Aug 14 10:28:54 EDT 2003
> 19:46:56,371 INFO [STDOUT] valid to = Fri Aug 13 10:28:54 EDT 2004
> 19:46:56,371 INFO [STDOUT] serial number = 1
> 19:46:56,371 INFO [STDOUT] issuer = EMAILADDRESS=rwkasten@nxjqz.com, CN=127.0.0.1, OU=Dev, O=RegistryPro, L=Atlanta, ST=Georgia, C=US
> 19:46:56,371 INFO [STDOUT] signing algorithm = MD5withRSA
> 19:46:56,381 INFO [STDOUT] public key algorithm = RSA
> 19:46:56,381 INFO [STDOUT] ---Extensions---
> 19:46:56,381 INFO [STDOUT] ---
> 19:46:56,381 INFO [Engine] action: End Loop....
> 19:46:56,381 INFO [STDOUT] AmiDelegator.checkuser
> 19:46:56,621 INFO [STDOUT] DataBean context set
> 19:46:56,651 INFO [STDOUT] Ami.props
> 19:46:56,681 INFO [STDOUT] uservo=UserVO:
> login:rpro-developer::: pass-admin::: certid-1::: ip-10.168.1.61::: newpass-null::: sid-null::: role-null
> 19:46:57,102 INFO [STDOUT] eppRes=(message = Wrong certificate ID), (code = 2200), (tid = 14854711)
> 19:46:57,102 INFO [STDOUT] sid=null## role=null
> 19:46:57,112 INFO [STDOUT] code=2200
> 19:46:57,112 INFO [STDOUT] message=Wrong certificate ID
> 19:46:57,112 INFO [STDOUT] sid=null
> 19:46:57,112 INFO [STDOUT] UserBean removed
> 19:46:57,112 INFO [Engine] action: logon: Got UserException- 'Wrong certificate ID' on session 01BD9DC9B2EF687EE90F8FAD8147B49F
> 19:46:57,122 INFO [STDOUT] 1
> 19:46:57,122 INFO [STDOUT] error=org.apache.struts.action.ActionErrors@119fc9e
> 19:46:57,162 ERROR [JkCoyoteHandler] Certificate convertion failed
>

--
Kan Ogawa
super-creek@jcom.home.ne.jp
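
The two failures in the quoted log report `lengthTag=127` and `lengthTag=102`. As an added example (not part of the thread and not Tomcat or JDK code), the hypothetical `DerHeaderCheck` below applies the DER length rules to the first bytes of a candidate certificate, assuming `lengthTag` is the low seven bits of a long-form length octet; under that assumption the logged values correspond to length octets 0xFF and 0xE6, which no certificate header carries. All inputs are constructed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;

// Added illustration: DerHeaderCheck and every sample input are hypothetical.
public class DerHeaderCheck {

    /** Content length declared by the outer DER header; throws if the header is unusable. */
    static long declaredLength(byte[] in) throws IOException {
        if (in.length < 2) throw new IOException("too short for a DER header");
        int tag = in[0] & 0xFF;
        // A DER-encoded certificate starts with an outer SEQUENCE (tag 0x30).
        if (tag != 0x30) throw new IOException(String.format("tag=0x%02X, not a SEQUENCE", tag));
        int lenByte = in[1] & 0xFF;
        if ((lenByte & 0x80) == 0) {
            return lenByte; // short form: the octet itself is the length
        }
        int lengthTag = lenByte & 0x7F; // long form: number of length octets that follow
        if (lengthTag == 0) throw new IOException("indefinite length is not valid DER");
        // Assumption: this mirrors the limit behind the "too big" message in the log.
        if (lengthTag > 4) throw new IOException("lengthTag=" + lengthTag + ", too big");
        if (in.length < 2 + lengthTag) throw new IOException("truncated length field");
        long length = 0;
        for (int i = 0; i < lengthTag; i++) {
            length = (length << 8) | (in[2 + i] & 0xFF); // big-endian length octets
        }
        return length;
    }

    public static void main(String[] args) {
        byte[][] samples = { // constructed inputs
            {0x30, (byte) 0x82, 0x02, (byte) 0x9D}, // well-formed header: 669 content bytes
            {0x30, (byte) 0xFF, 0x00, 0x00},        // length octet 0xFF gives lengthTag=127
            {0x30, (byte) 0xE6, 0x00, 0x00},        // length octet 0xE6 gives lengthTag=102
            "-----BEGIN CERTIFICATE-----".getBytes(StandardCharsets.US_ASCII), // PEM text, not DER
        };
        for (byte[] s : samples) {
            try {
                System.out.println("ok, declares " + declaredLength(s) + " content bytes");
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Running a check like this on the bytes a connector hands to `CertificateFactory` separates corrupted binary input (rejected on the length octet) from PEM text passed where DER is expected (rejected on the tag).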