I think you can just change the code to read as follows when it creates the
SSLContext:
SSLContext ctx = SSLContext.getInstance("TLSv1");
I don't know if TLS will downgrade to SSL if that's all that's available.
Karl
On Tue, Jan 14, 2020 at 6:02 PM Jörn Franke <jornfra...@gmail.com> wrote:
> Yes it you do not change this setting as what I suspect happens here. See
> my previous mail for details.
>
> Am 14.01.2020 um 23:51 schrieb Karl Wright <daddy...@gmail.com>:
>
>
> It looks looks TLS is actually enabled in the SSLSocketFactory framework
> based on how you create the SSLSocketContext. See:
>
> https://docs.oracle.com/cd/E19698-01/816-7609/security-83/index.html
>
> Karl
>
>
> On Tue, Jan 14, 2020 at 5:48 PM Karl Wright <daddy...@gmail.com> wrote:
>
>> The design of ManifoldCF deliberately manages keystores on a connection
>> by connection basis, not globally. If you think the only way to implement
>> TLS is via global keystore I very much doubt it.
>>
>> I am on the road until late tomorrow but somewhere along the line I can
>> do some research into why TLS won't work as we are currently doing it.
>>
>> Karl
>>
>>
>> On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke <jornfra...@gmail.com>
>> wrote:
>>
>>> These are TLS only. So maybe you have other servers where tls and ssl
>>> are possible and it downgrades to ssl.however, this is speculation and I
>>> need to verify it. I have to rebuilt manifold for that. Probably I have to
>>> reinstall everything as the keystorefactory is a dependency in the
>>> connector.
>>>
>>> Am 14.01.2020 um 18:34 schrieb Karl Wright <daddy...@gmail.com>:
>>>
>>>
>>> If you can recommend changes to support TLS, that would be great. The
>>> basic infrastructure should still work; it is just a custom keystone and
>>> associated SSLSocketFactory, which I think also is used for TLS
>>> connections, unless I am missing something.
>>>
>>> On Tue, Jan 14, 2020, 9:38 AM Jörn Franke <jornfra...@gmail.com> wrote:
>>>
>>>> Yes this works fine. I believe the error comes from the fact that TLS
>>>> connections are not supported.
>>>>
>>>> Am 14.01.2020 um 15:31 schrieb Michael Cizmar <
>>>> michael.ciz...@mcplusa.com>:
>>>>
>>>>
>>>>
>>>> If you want to test the url and the ssl, I would recommend attempting
>>>> using SSLPoke to confirm that they keystore is setup properly:
>>>>
>>>>
>>>>
>>>> https://github.com/MichalHecko/SSLPoke
>>>>
>>>>
>>>>
>>>> Michael
>>>>
>>>>
>>>>
>>>> *From: *Karl Wright <daddy...@gmail.com>
>>>> *Reply-To: *"user@manifoldcf.apache.org" <user@manifoldcf.apache.org>
>>>> *Date: *Tuesday, January 14, 2020 at 7:21 AM
>>>> *To: *"user@manifoldcf.apache.org" <user@manifoldcf.apache.org>
>>>> *Subject: *Re: CSWS Connector : ServiceConstructionException: Failed
>>>> to create service
>>>>
>>>>
>>>>
>>>> Hmm, others have succeeded setting up SSL connections with the current
>>>> code. Hoping they chime in here.
>>>>
>>>>
>>>>
>>>> Karl
>>>>
>>>>
>>>>
>>>> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke <jornfra...@gmail.com> wrote:
>>>>
>>>> It seems that it has indeed a certificate issue as it cannot find a
>>>> valid certification path to the target. The thing is: I added those
>>>> certificates in the UI should it should not happen.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Am 10.01.2020 um 20:51 schrieb Jörn Franke <jornfra...@gmail.com>:
>>>>
>>>> 2.15 ...
>>>>
>>>> I will try on the weekend to see if I can get some logs out of it.
>>>>
>>>>
>>>>
>>>> Am 10.01.2020 um 19:02 schrieb Karl Wright <daddy...@gmail.com>:
>>>>
>>>> Can I ask what version of MCF you are using? There were issues with
>>>> SSL in the first release of the csws connector if I recall correctly, that
>>>> were fixed for the second release.
>>>>
>>>>
>>>>
>>>> Karl
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke <jornfra...@gmail.com>
>>>> wrote:
>>>>
>>>> I added root, intermediate and server certificate (in base64 cer, it
>>>> seems to be recognized by manifoldcf), but I still get the same message. I
>>>> will try to get somehow the full stacktrace
>>>>
>>>>
>>>>
>>>> Am 10.01.2020 um 17:21 schrieb Karl Wright <daddy...@gmail.com>:
>>>>
>>>> If you are using SSL you need to have the proper certificate saved in
>>>> the connection's keystore.
>>>>
>>>> Karl
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke <jornfra...@gmail.com>
>>>> wrote:
>>>>
>>>> It is actually a server using configuration of the command - driven
>>>> multi-process model (but the agents executed as a service and the war on a
>>>> tomcat executed as a service) under Linux.
>>>>
>>>>
>>>>
>>>> I thought as well that it cannot reach the webservices, the question is
>>>> why. On the same server I can reach the webservices and fetch the WSDL
>>>> without issues.
>>>>
>>>> Maybe sth related to ssl ?
>>>>
>>>>
>>>>
>>>> Am 10.01.2020 um 14:59 schrieb Karl Wright <daddy...@gmail.com>:
>>>>
>>>> How are you running manifoldcf? Single process example, or a custom
>>>> setup of some kind?
>>>>
>>>> This exception is a "catch all" exception generated far below anything
>>>> in ManifoldCF, but usually means it cannot download the WSDLs from the
>>>> service. Getting the full exception dumped in the log requires a "hack" to
>>>> the check() method of the connector, but I'm pretty sure that's what's
>>>> happening anyway.
>>>>
>>>> Karl
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke <jornfra...@gmail.com>
>>>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I tried to use the CSWS connector, but already for the Authority
>>>> connection I receive a
>>>> org.apache.cxf.service.factory.ServiceConstructionException: Failed to
>>>> create service.
>>>>
>>>> Unfortunately I don’t see more details , also not in the log (debug is
>>>> activated). I try to get a little bit more output by modifying the
>>>> connector, but maybe someone has already an idea why this can happen?
>>>>
>>>> Are there some special instructions to use it? The pointers to the
>>>> webservices are correct, I tested via Curl and SOAPUI.
>>>>
>>>>
>>>> Thank you.
>>>> Best regards
>>>>
>>>>
