RE: WARNING: Exception getting SSL attributes
Return Receipt Your RE: WARNING: Exception getting SSL attributes document : was Kristján Bjarni Guðmundsson/BIS/Dev/REK/Hugvit received by: at: 04.11.2002 17:07:16 -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: WARNING: Exception getting SSL attributes
Ma, Yongjie wrote: I got same exception message. And Bill Barker told me this is a bug in Tomcat 4.1.12. Following message was from him: The SSL support in 4.1.12 is broken with JVM 1.4.x. You need to copy http://gump.covalent.net/jars/latest/jakarta-tomcat-connectors/tomcat-util.jar. jar to $CATALINA_HOME/server/lib to fix (or wait, hopefully not long, for 4.1.13). I tried this new jar file, yes, the exception message was disappeared. But It brings another problem, it will always ask client certificate even if you set ClientAuth=false. I did not try new 4.1.13 yet. Maybe you can try that one first. I also got the same errors using JSSE 1.0.3 and JSDK 1.3.1_01 with Tomcat 4.1.12. I upgraded Tomcat from 4.0.4 and I dont think I got these messages with that version. So it does look like a Tomcat issue. Scotty -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
RE: WARNING: Exception getting SSL attributes
Hi Jack Adding the jar in seems to have fixed this nicely for me! Many thanks! Tim From: Ma, Yongjie [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: RE: WARNING: Exception getting SSL attributes Date: Fri, 1 Nov 2002 12:27:50 -0500 I got same exception message. And Bill Barker told me this is a bug in Tomcat 4.1.12. Following message was from him: The SSL support in 4.1.12 is broken with JVM 1.4.x. You need to copy http://gump.covalent.net/jars/latest/jakarta-tomcat-connectors/tomcat-util.jar. jar to $CATALINA_HOME/server/lib to fix (or wait, hopefully not long, for 4.1.13). I tried this new jar file, yes, the exception message was disappeared. But It brings another problem, it will always ask client certificate even if you set ClientAuth=false. I did not try new 4.1.13 yet. Maybe you can try that one first. Thanks Jack -Original Message- From: Tim C. [mailto:timuk10;hotmail.com] Sent: Thursday, October 31, 2002 7:40 AM To: [EMAIL PROTECTED] Subject: WARNING: Exception getting SSL attributes I was wondering whether anyone else has seen this or knows what it means. I am using HTTPS and the connections are made fine to the tomcat4.1.12 server (jakarta-tomcat-4.1.12-LE-jdk14). However, on each connection the following warning is given in the logs: WARNING: Exception getting SSL attributes javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275) at org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118) at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:543) at org.apache.coyote.Response.action(Response.java:216) at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:314) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533) at java.lang.Thread.run(Thread.java:536) What does this mean? Where have I gone wrong? TIA! _ Surf the Web without missing calls! Get MSN Broadband. http://resourcecenter.msn.com/access/plans/freeactivation.asp -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org _ Broadband? Dial-up? Get reliable MSN Internet Access. http://resourcecenter.msn.com/access/plans/default.asp -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
WARNING: Exception getting SSL attributes
I was wondering whether anyone else has seen this or knows what it means. I am using HTTPS and the connections are made fine to the tomcat4.1.12 server (jakarta-tomcat-4.1.12-LE-jdk14). However, on each connection the following warning is given in the logs: WARNING: Exception getting SSL attributes javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275) at org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118) at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:543) at org.apache.coyote.Response.action(Response.java:216) at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:314) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533) at java.lang.Thread.run(Thread.java:536) What does this mean? Where have I gone wrong? TIA! _ Surf the Web without missing calls! Get MSN Broadband. http://resourcecenter.msn.com/access/plans/freeactivation.asp -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: Upgrade to Tomcat 4.1.12 - WARNING: Exception getting SSL attributes
Francisco Queiros Pinto wrote: Hi, I've just upgraded Tomcat 4.1.10 to 4.1.12. When trying a secure connection, the browser asks me to accept the server certificate and seems to achieve it. However, contrary to the previous version, now the server generates the following error: (catalina.out) WARNING: Exception getting SSL attributes javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275) at org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118) ... To see if there was anything wrong with the old certificate I've created a new certificate with: keytool -genkey -alias tomcat -keyalg RSA and started tomcat again. However, as previously, the browser still seems to open a secure connection with the server, but the server error still persists. Is this a bug or a feature related with a security vulnerability in the previous version? No, it's a warning that gets printed out although it shouldn't (basically, the connector tries to get the client certificate although client cert is not used). It has little ill effects except a performance decrease because the traces are printed out. It is already fixed in CVS, and will be fixed in the next release. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Upgrade to Tomcat 4.1.12 - WARNING: Exception getting SSL attributes
Hi, I've just upgraded Tomcat 4.1.10 to 4.1.12. When trying a secure connection, the browser asks me to accept the server certificate and seems to achieve it. However, contrary to the previous version, now the server generates the following error: (catalina.out) WARNING: Exception getting SSL attributes javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275) at org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118) ... To see if there was anything wrong with the old certificate I've created a new certificate with: keytool -genkey -alias tomcat -keyalg RSA and started tomcat again. However, as previously, the browser still seems to open a secure connection with the server, but the server error still persists. Is this a bug or a feature related with a security vulnerability in the previous version? Anyone had similar problems? Regards, -- Francisco -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]