Thanks for the info. I turn the debug on and got more info:
09:52:05,298 INFO [STDOUT] http-127.0.0.1-443-1, handling exception:
javax.net.
ssl.SSLHandshakeException: null cert chain
Any idea?
Xinxin
dkulp wrote:
>
>
> All I can suggest is to check the server logs for any information there as
> well as try setting the system property:
> -Djavax.net.debug=all
> and kind of trace through what the ssl handshake is doing. Might reveal
> a
> strange key being used or something.
>
> Dan
>
>
> On Wed September 2 2009 10:47:53 am xinxinwang wrote:
>> I deployed my service on JBoss 4.2.3/JDK 1.6.0_10 with port 443 over SSL
>> with the following connector:
>>
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>> maxThreads="150" scheme="https" secure="true" clientAuth="true"
>> address="${jboss.bind.address}"
>> keystoreFile="${jboss.server.home.dir}/conf/server.keystore.jks"
>> keystorePass="testit"
>> truststoreFile="${jboss.server.home.dir}/conf/client.keystore.jks"
>> truststorePass="testit"
>> sslProtocol="TLS">
>> </Connector>
>>
>> I created both server.keystore.jks and client.keystore.jks using JDK
>> keytool with RSA algorithm.
>>
>> My client is located on the same machine. I am using
>> https://localhost:443/.... to connect to the service.
>> I am using the following code to set up the httpconduit and invoke the
>> service:
>>
>>
>> Service service = Service.create(new QName(namespace, serviceName));
>> QName portQName = new QName(namespace, portTypeName);
>> service.addPort(portQName, SOAPBinding.SOAP11HTTP_BINDING, endPoint);
>> dispPayload = service.createDispatch(portQName, Source.class,
>> Service.Mode.PAYLOAD);
>> BindingProvider bp = (BindingProvider)service.getPort(portQName,
>> Source.class);
>>
>> HTTPConduit httpConduit =
>> (HTTPConduit)ClientProxy.getClient(bp).getConduit();
>> TLSClientParameters tlsParams = new TLSClientParameters();
>> tlsParams.setDisableCNCheck(true);
>>
>> KeyStore trustStore = KeyStore.getInstance("JKS");
>> String trustpass = "testit";//provide trust pass
>> InputStream trustStream =
>> Thread.currentThread().getContextClassLoader().getResourceAsStream("server.
>> keystore.jks"); trustStore.load(trustStream, trustpass.toCharArray());
>> TrustManagerFactory trustFactory =
>> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
>> trustFactory.init(trustStore);
>> TrustManager[] tm = trustFactory.getTrustManagers();
>> tlsParams.setTrustManagers(tm);
>>
>> KeyStore keyStore = KeyStore.getInstance("JKS");
>> String keypass = "testit";//provide client keystore pass
>> InputStream keyStream =
>> Thread.currentThread().getContextClassLoader().getResourceAsStream("client.
>> keystore.jks"); keyStore.load(keyStream, keypass.toCharArray());
>> KeyManagerFactory keyFactory =
>> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
>> keyFactory.init(keyStore, keypass.toCharArray());
>> KeyManager[] km = keyFactory.getKeyManagers();
>> tlsParams.setKeyManagers(km);
>>
>> FiltersType filter = new FiltersType();
>> filter.getInclude().add(".*_EXPORT_.*");
>> filter.getInclude().add(".*_EXPORT1024_.*");
>> filter.getInclude().add(".*_WITH_DES_.*");
>> filter.getInclude().add(".*_WITH_NULL_.*");
>> filter.getExclude().add(".*_DH_anon_.*");
>> tlsParams.setCipherSuitesFilter(filter);//set all the needed include and
>> exclude filters.
>>
>> httpConduit.setTlsClientParameters(tlsParams);
>>
>>
>> InputStream inputStream =
>> Thread.currentThread().getContextClassLoade().getResourceAsStream(request);
>>
>> DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
>> factory.setNamespaceAware(true);
>> DocumentBuilder builder = factory.newDocumentBuilder();
>> Document document = builder.parse(inputStream);
>> Source requestSource = new DOMSource(document);
>>
>> Source response = dispPayload.invoke(requestSource);
>>
>> When I run the client code, I got the following Exception at the line
>> above:
>>
>> org.apache.cxf.interceptor.Fault: Could not send Message.
>> at
>> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
>> rceptor.handleMessage(MessageSenderInterceptor.java:64) at
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>> n.java:236) at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:471) at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:301) at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:253) at
>> org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:288) at
>> org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:257) at
>> org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:195) at
>> mil.army.soa.adsl.client.DataServiceClient.retrieve(DataServiceClient.java:
>> 115) at
>> mil.army.soa.adsl.tester.DataServiceTester.main(DataServiceTester.java:37)
>> Caused by: java.net.SocketException: Software caused connection abort:
>> recv
>> failed
>> at java.net.SocketInputStream.socketRead0(Native Method)
>> at java.net.SocketInputStream.read(SocketInputStream.java:129)
>> at
>> com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
>> at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:78
>> 9) at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:
>> 1435) at
>> com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.ja
>> va:103) at
>> com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.jav
>> a:612) at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(Cli
>> entHandshaker.java:868) at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandsha
>> ker.java:794) at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshak
>> er.java:226) at
>> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
>> at
>> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:88
>> 4) at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocke
>> tImpl.java:1096) at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.jav
>> a:1123) at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.jav
>> a:1107) at
>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
>> at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Abstr
>> actDelegateHttpsURLConnection.java:166) at
>> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnecti
>> on.java:881) at
>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLC
>> onnectionImpl.java:230) at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeaders
>> TrustCaching(HTTPConduit.java:1909) at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(
>> HTTPConduit.java:1864) at
>> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputSt
>> ream.java:42) at
>> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutp
>> utStream.java:69) at
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
>> duit.java:1927) at
>> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
>> at
>> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627) at
>> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
>> rceptor.handleMessage(MessageSenderInterceptor.java:62) ... 9 more
>>
>> If I set the clientAuth="false", I do not get this exception.
>>
>> Thanks for any help,
>>
>> Xinxin
>>
>
> --
> Daniel Kulp
> dk...@apache.org
> http://www.dankulp.com/blog
>
>
--
View this message in context:
http://www.nabble.com/CXF-Client%3A-Software-caused-connection-abort%3A-recv-failed-tp25259046p25294876.html
Sent from the cxf-user mailing list archive at Nabble.com.
