Hi Matl, Some issue related to SSL configuration were fixed in 2.1 RC6. However, it is possible that it introduced a regression.
Could you enter an issue and help us debugging/fixing it? Thanks, Jerome -- http://www.restlet.com http://twitter.com/#!/jlouvel -----Message d'origine----- De : Matl Bre [mailto:nesq...@gmx.net] Envoyé : jeudi 13 septembre 2012 13:18 À : discuss@restlet.tigris.org Objet : RE: SSL handshake failure after Upgrade from 2.1 RC5 to 2.1 RC6 Hello, I looked now a bit closer, and with jetty's debug settings on I get following exception: javax.net.ssl.SSLHandshakeException: null cert chain at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1697) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:258) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:248) at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:13 88) at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:179) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610) at sun.security.ssl.Handshaker.process_record(Handshaker.java:546) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:945) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:11 90) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1217) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1201) at org.eclipse.jetty.server.ssl.SslSocketConnector$SslConnectorEndPoint.run(Ssl SocketConnector.java:665) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java: 608) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:5 43) at java.lang.Thread.run(Thread.java:636) Sure, the "null cert chain" would suggest that there is something wrong with my certs/keystore, still I am only exchanging libraries, and leave the rest as it is. No one else run into that? What changed between RC5 and RC6? > Hello, > > I am using restlet with jetty, SSL connector plus self signed > certificate for some android app webservice. > > It turns out that my after the upgrade mentioned in the subject I get > the following error when accessing with browser to the webservice: > > SSL peer cannot verify your certificate. > (Error code: ssl_error_bad_cert_alert) > > well usually when I access the webservice via browser I of course get > the certificate warning (as it is selfsigned) but still can access it. > > There seems to be no log entry about this issue from the restlet > service. > > Kind Regards, > Matl Bre ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=30056 97 ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3009676
