[Adding @dev] Hi Sudheera,
Did you remove ServerConnFactoryBuilder and ClientConnFactoryBuilder from the source and added the changed classes again? Its difficult to see which lines have changed in the patch file. Please remove ServerConnFactoryBuilder and ClientConnFactoryBuilder from your local source, svn up again, and then do the changes in those files and create the patch file. Thanks, Jeewantha On Wed, Mar 19, 2014 at 3:00 AM, Sudheera Palihakkara <sudhe...@wso2.com>wrote: > Hi ayya, > > I have done some coding ServerSSLSetupHander.java and > ServerConnFactoryBuilder.java as they did in the backend side. I think the > logic is ok but it's hard to test since we don't have certificate chain > that signed by a CA. I used wso2carbon.jks for client and the request get > failed since both ocsp and crl verification get failed for wso2carbon.jks . > I have attached the diff file. Can you take a look. > > > thanks. > > > On Wed, Mar 19, 2014 at 11:43 AM, Sudheera Palihakkara > <sudhe...@wso2.com>wrote: > >> Hi ayya, >> >> In ServerConnFactoryBuilder.java file line 202 >> >> >> >> * ServerSSLSetupHandler sslSetupHandler = >> (clientAuth != null || httpsProtocols != >> null) ? new >> ServerSSLSetupHandler(clientAuth,httpsProtocols) : null;* >> >> it seems like if SSLVerifyClient parameter not defined then >> *ServerSSLSetupHandler()* isn't get invoked. Do we need this >> "SSLVerifyClient" parameter set to "required" in order to verify ocsp and >> crl ? >> >> >> >> >> >> On Sat, Mar 15, 2014 at 12:20 AM, Jeewantha Dharmaparakrama < >> jeewan...@wso2.com> wrote: >> >>> Hi Sudheera, >>> >>> You don't need SSL Profiles to talk to HTTPS backends. SSL profiles are >>> to define different SSL configurations (Trust stores, Keystores) to >>> different backends. And according to the logs, the connection is not made >>> to an HTTPS backend. Error occurs during SSL handshake. >>> >>> To make an HTTPS connection just host your service in some server >>> (doesnt matter which) and in the ESB define the endpoint to connect to the >>> https port with the correct HTTPS endpoint URL. >>> >>> However to test OCSP/CRL you cant use a carbon server which runs in your >>> local macine. The reason is, the certificates defined in the Carbon Servers >>> are fake (Self signed). That's why the web browser says "Untrusted >>> connection" when you try connect to the management console of a locally >>> running carbon server. And in those fake certificates, the CRL/OCSP urls >>> are not defined. So you cant test OCSP/CRL feature that way. >>> >>> So don't run the backend in your local machine. Instead, use some HTTPS >>> backend like https://www.facebook.com or if you need a webservice use >>> the echo service in Stratos Live[1] . Stratos live uses valid WSO2 >>> certificates signed by Digicert, a valid CA which has its OCSP/CRL servers >>> running[2]. >>> >>> [1] https://stratoslive.wso2.com/services/echo?wsdl >>> [2] http://www.digicert.com/ >>> >>> If you have more questions please ask on @Dev to be more visible to the >>> public. >>> >>> Thanks, >>> Jeewantha >>> >>> >>> On Fri, Mar 14, 2014 at 2:09 AM, Sudheera Palihakkara <sudhe...@wso2.com >>> > wrote: >>> >>>> Hi ayya. >>>> >>>> I'm trying to invoke the already implemented ocsp at the transport >>>> sender and get an idea about the flow. But I'm having some difficulties >>>> during the process. here's what I've done >>>> >>>> 1 . followed this >>>> [1<http://pathberiya.blogspot.com/2010/07/ssl-profiles-in-wso2-esb.html>] >>>> document to create the SSL profiles. (used same axis2.xml with password as >>>> *wso2carbon* ) >>>> 2. Started a separate DSS with clientAuth="true" in >>>> catalina-server.xml >>>> 3. created a proxy service in ESB to invoke *echo service* deployed at >>>> DSS with use of *https* in the endppoint. >>>> >>>> When I invoked the proxy service I'm getting this error >>>> >>>> *[2014-03-14 13:11:10,725] ERROR - TargetHandler I/O error: >>>> Unrecognized SSL message, plaintext connection?* >>>> >>>> Full error log[2 <http://pastebin.com/5VMK4cnT>]. >>>> >>>> Can you help me out please. I there any other way to test this, I might >>>> need something similar for transport listener too. thank you >>>> >>>> >>>> [1] >>>> http://pathberiya.blogspot.com/2010/07/ssl-profiles-in-wso2-esb.html >>>> [2] http://pastebin.com/5VMK4cnT >>>> >>> >>> >>> >>> -- >>> Jeewantha Dharmaparakrama >>> Software Engineer; WSO2, Inc.; http://wso2.com/ >>> Phone : (+94) 774726790 >>> Skype : prasad.jeewantha >>> LinkedIn : http://www.linkedin.com/in/jeewanthad >>> Twitter: https://twitter.com/jeewamp >>> Blog: http://jeewanthad.blogspot.com/ >>> >> >> > -- Jeewantha Dharmaparakrama Software Engineer; WSO2, Inc.; http://wso2.com/ Phone : (+94) 774726790 Skype : prasad.jeewantha LinkedIn : http://www.linkedin.com/in/jeewanthad Twitter: https://twitter.com/jeewamp Blog: http://jeewanthad.blogspot.com/
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
