It will look like this:
CONNECTED(00000003)
3077671112:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
internal error:s23_clnt.c:724:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 226 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
In my efforts to fix the bug I:
1. tried redoing the keystore a few times
2. tried different options of openssl for possibly triggering it to look up
some cert or something
3. thought, hmm, I don't see any log of where the BouncyCastle is actually
being used, so I copied those jars in conf/lib
but then of course I had configuration issues with spring.xml so I tried
removing the MANIFEST.MF, but of course this unsign's the jars
so probably wouldn't be used anyways.
4. tried copying the sunjce, had to de-manifest it. tried it in different
places in the class path.
5. tried ice tea 6 verses 7, so that I could use the jars without zip -d META/*
6. did a billion searches for "no peer certificate available" but didn't get
anything good.
7. tried to find the point in the james source which is actually loading the
BouncyCastle, because I noticed if I modified that <provider>org…</provider>
xml frag to be invalid, it would give the same error mysteriously.
8. got the debugging increased finally.
9. finally came across:
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1006776
10. installed the stupid sun java.
and walah, it worked.
so if you find yourself doing 1-10, maybe skip to 10.
Curiously, during this time hotmail just doesn't care about the certificate,
delivered stuff anyways. Google stopped delivering.
Lol.
-tim
On Jul 8, 2012, at 9:30 PM, Ioan Eugen Stan wrote:
> Thanks for sharing Timothy! If I remember right this should become an
> issue on JIRA / somewhere else.
> Is there any other information that you could share on this so we can
> best describe it for other people?
>
> Thanks,
>
> 2012/7/9 Timothy Prepscius <timprepsc...@gmail.com>:
>> Okay, I just literally spent 10 hours on one bug.
>>
>>
>>
>> If, you do all your ssl certificate stuff, and you are getting nowhere with
>> ssl actually working.
>> you're getting some "no peer certificate" error…
>> and no negotiation is occurring
>>
>>
>> check to see if you are running IceTea java.
>> if you are get rid of it, and use sun.
>>
>> http://askubuntu.com/questions/56104/how-can-i-install-oracle-java-jre-7
>>
>>
>>
>> Apparently this is an ice tea issue..
>>
>>
>>
>>
>> -tim
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
>> For additional commands, e-mail: server-user-h...@james.apache.org
>>
>
>
>
> --
> Ioan Eugen Stan / CTO / http://axemblr.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
> For additional commands, e-mail: server-user-h...@james.apache.org
>
