You should try to use an unrestricted JCE policy by downloading it from java.sun.com for your specific execution jvm (http://java.sun.com/javase/downloads/index.jsp if you do have a v6 - look at the bottom of the page). Extract the files in your execution <JDK>/<JRE>/lib/security dir to remove restrictions. Then reexecute your program. If it works, then the problem was that your cert file encryption strength and/or algorithm wasn't allowed within your country (these restrictions are country specific and maybe overriden under certain jurisdiction agreements). Regards, -Edouard De Oliveira- http://tedorg.free.fr/en/main.php
----- Message d'origine ---- De : Francesca Milan <[EMAIL PROTECTED]> À : dev@mina.apache.org Envoyé le : Jeudi, 8 Novembre 2007, 17h30mn 49s Objet : Re: SSL problem Francesca Milan ha scritto: > Niklas Therning ha scritto: >> Francesca Milan wrote: >> >>> SSLContextFactory was this class >>> http://www.koders.com/java/fid8F948DB894E85F952BCCCB5B305BF92F0BE19DF6.aspx?s=bougus >>> >>> >>> >>> Niklas Therning ha scritto: >>> >>>> Francesca Milan wrote: >>>> >>>> >>>>> <snip/> >>>>> >>>>> SSLFilter filter = new >>>>> SSLFilter(SSLContextFactory.getInstance(true)); >>>>> >>>> I'm not familiar with the SSLContextFactory class. Is that something >>>> you've developed yourself? What does getInstance() do? >>>> >>>> Make sure the SSLEngine you're using isn't set to client mode. >>>> >>>> >> Hmmm, ok. And your client? Is it using MINA? Maybe your client doesn't >> trust the bogus certificate used by the server? What does the stack >> trace of the exception you get look like? Is the exception thrown on the >> client or server side? What MINA version are you using? >> >> > Hi ;-), > > my java client use Mina (version 0.9.4) and in the SocketConnector's > SessionCreated method I add sslFilter to the session: > ... > SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(false)); > filter.setUseClientMode(true); > session.getFilterChain().addFirst("sslFilter", filter); > ... > session.getFilterChain().addLast("protocolFilter", new > ProtocolCodecFilter(this.codecFactory)); > ... > > I've tryed to change the adding filter order but I hadn't good result :-/ > I'm using Mina 0.9.4 for client and server both. > Here there's my stack trace. > > javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed. > at > org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428) > at > org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501) > > at > org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495) > > at > org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787) > > at > org.apache.mina.common.support.AbstractIoFilterChain$2.messageReceived(AbstractIoFilterChain.java:110) > > at > org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)6172 > [Handler] ERROR Log - Handler exceptionCaught, è stata chiusa > forzatamente la sessione: Initial SSL handshake failed. > > at > org.apache.mina.common.support.AbstractIoFilterChain.messageReceived(AbstractIoFilterChain.java:492) > > at > org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:285) > > at > org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245) > > at > org.apache.mina.transport.socket.nio.SocketIoProcessor.access$4(SocketIoProcessor.java:234) > > at > org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566) > > Caused by: javax.net.ssl.SSLException: Received close_notify during > handshake > at > com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166) > at > com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356) > at > com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324) > at > com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1462) > > at > com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961) > > at > com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787) > > at > com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)[DUBUG > - Handler] Sessione chiusa I've tryed to change some things and now in the SessionCreated method I do: if (mode==RTMP.MODE_CLIENT) { SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(false)); filter.setUseClientMode(true); session.getFilterChain().addLast("sslFilter", filter); Log.info("Connector SSL ON"); session.getFilterChain().addLast("protocolFilter", new ProtocolCodecFilter(codecFactory)); } else{ SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(true)); filter.setUseClientMode(false); session.getFilterChain().addLast("sslFilter", filter); Log.info("Acceptor SSL ON"); session.getFilterChain().addLast("protocolFilter", new ProtocolCodecFilter(codecFactory)); } But now I have these exception (at server side): javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed. at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501) at org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495) at org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787) at org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718) at org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475)953 [Handler] ERROR Log - Handler exceptionCaught, è stata chiusa forzatamente la sessione: Initial SSL handshake failed. at org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429) Caused by: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1486) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566) at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:675) at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:492) at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291) at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:396) ... 6 more And these (at client side): javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed. at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501) at org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495) at org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787) at org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718) at org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475) at org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429) Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source) at javax.net.ssl.SSLEngine.wrap(Unknown Source) at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:518) at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291) at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:396) ... 6 more Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source) at org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:745) at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:483) ... 8 more Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed at sun.security.validator.PKIXValidator.doValidate(Unknown Source) at sun.security.validator.PKIXValidator.doValidate(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ... 16 more Caused by: java.security.cert.CertPathValidatorException: timestamp check failed at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source) at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source) at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source) at java.security.cert.CertPathValidator.validate(Unknown Source) ... 23 more Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sun Mar 11 00:59:59 CET 2007 at sun.security.x509.CertificateValidity.valid(Unknown Source) at sun.security.x509.X509CertImpl.checkValidity(Unknown Source) at sun.security.provider.certpath.BasicChecker.verifyTimestamp(Unknown Source) at sun.security.provider.certpath.BasicChecker.check(Unknown Source) [DUBUG - Handler] Sessione chiusa ... 27 more Note that the certificate isn't expired and that I use the same certificate for server and client both. :-( :-( :-( _____________________________________________________________________________ Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail
