Thanks for the info. I turn the debug on and got more info: 09:52:05,298 INFO [STDOUT] http-127.0.0.1-443-1, handling exception: javax.net. ssl.SSLHandshakeException: null cert chain
Any idea? Xinxin dkulp wrote: > > > All I can suggest is to check the server logs for any information there as > well as try setting the system property: > -Djavax.net.debug=all > and kind of trace through what the ssl handshake is doing. Might reveal > a > strange key being used or something. > > Dan > > > On Wed September 2 2009 10:47:53 am xinxinwang wrote: >> I deployed my service on JBoss 4.2.3/JDK 1.6.0_10 with port 443 over SSL >> with the following connector: >> >> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" >> maxThreads="150" scheme="https" secure="true" clientAuth="true" >> address="${jboss.bind.address}" >> keystoreFile="${jboss.server.home.dir}/conf/server.keystore.jks" >> keystorePass="testit" >> truststoreFile="${jboss.server.home.dir}/conf/client.keystore.jks" >> truststorePass="testit" >> sslProtocol="TLS"> >> </Connector> >> >> I created both server.keystore.jks and client.keystore.jks using JDK >> keytool with RSA algorithm. >> >> My client is located on the same machine. I am using >> https://localhost:443/.... to connect to the service. >> I am using the following code to set up the httpconduit and invoke the >> service: >> >> >> Service service = Service.create(new QName(namespace, serviceName)); >> QName portQName = new QName(namespace, portTypeName); >> service.addPort(portQName, SOAPBinding.SOAP11HTTP_BINDING, endPoint); >> dispPayload = service.createDispatch(portQName, Source.class, >> Service.Mode.PAYLOAD); >> BindingProvider bp = (BindingProvider)service.getPort(portQName, >> Source.class); >> >> HTTPConduit httpConduit = >> (HTTPConduit)ClientProxy.getClient(bp).getConduit(); >> TLSClientParameters tlsParams = new TLSClientParameters(); >> tlsParams.setDisableCNCheck(true); >> >> KeyStore trustStore = KeyStore.getInstance("JKS"); >> String trustpass = "testit";//provide trust pass >> InputStream trustStream = >> Thread.currentThread().getContextClassLoader().getResourceAsStream("server. >> keystore.jks"); trustStore.load(trustStream, trustpass.toCharArray()); >> TrustManagerFactory trustFactory = >> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); >> trustFactory.init(trustStore); >> TrustManager[] tm = trustFactory.getTrustManagers(); >> tlsParams.setTrustManagers(tm); >> >> KeyStore keyStore = KeyStore.getInstance("JKS"); >> String keypass = "testit";//provide client keystore pass >> InputStream keyStream = >> Thread.currentThread().getContextClassLoader().getResourceAsStream("client. >> keystore.jks"); keyStore.load(keyStream, keypass.toCharArray()); >> KeyManagerFactory keyFactory = >> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); >> keyFactory.init(keyStore, keypass.toCharArray()); >> KeyManager[] km = keyFactory.getKeyManagers(); >> tlsParams.setKeyManagers(km); >> >> FiltersType filter = new FiltersType(); >> filter.getInclude().add(".*_EXPORT_.*"); >> filter.getInclude().add(".*_EXPORT1024_.*"); >> filter.getInclude().add(".*_WITH_DES_.*"); >> filter.getInclude().add(".*_WITH_NULL_.*"); >> filter.getExclude().add(".*_DH_anon_.*"); >> tlsParams.setCipherSuitesFilter(filter);//set all the needed include and >> exclude filters. >> >> httpConduit.setTlsClientParameters(tlsParams); >> >> >> InputStream inputStream = >> Thread.currentThread().getContextClassLoade().getResourceAsStream(request); >> >> DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); >> factory.setNamespaceAware(true); >> DocumentBuilder builder = factory.newDocumentBuilder(); >> Document document = builder.parse(inputStream); >> Source requestSource = new DOMSource(document); >> >> Source response = dispPayload.invoke(requestSource); >> >> When I run the client code, I got the following Exception at the line >> above: >> >> org.apache.cxf.interceptor.Fault: Could not send Message. >> at >> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte >> rceptor.handleMessage(MessageSenderInterceptor.java:64) at >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai >> n.java:236) at >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:471) at >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:301) at >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:253) at >> org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:288) at >> org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:257) at >> org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:195) at >> mil.army.soa.adsl.client.DataServiceClient.retrieve(DataServiceClient.java: >> 115) at >> mil.army.soa.adsl.tester.DataServiceTester.main(DataServiceTester.java:37) >> Caused by: java.net.SocketException: Software caused connection abort: >> recv >> failed >> at java.net.SocketInputStream.socketRead0(Native Method) >> at java.net.SocketInputStream.read(SocketInputStream.java:129) >> at >> com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293) >> at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:78 >> 9) at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java: >> 1435) at >> com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.ja >> va:103) at >> com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.jav >> a:612) at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(Cli >> entHandshaker.java:868) at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandsha >> ker.java:794) at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshak >> er.java:226) at >> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:88 >> 4) at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocke >> tImpl.java:1096) at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.jav >> a:1123) at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.jav >> a:1107) at >> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415) >> at >> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Abstr >> actDelegateHttpsURLConnection.java:166) at >> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnecti >> on.java:881) at >> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLC >> onnectionImpl.java:230) at >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeaders >> TrustCaching(HTTPConduit.java:1909) at >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite( >> HTTPConduit.java:1864) at >> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputSt >> ream.java:42) at >> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutp >> utStream.java:69) at >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon >> duit.java:1927) at >> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) >> at >> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627) at >> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte >> rceptor.handleMessage(MessageSenderInterceptor.java:62) ... 9 more >> >> If I set the clientAuth="false", I do not get this exception. >> >> Thanks for any help, >> >> Xinxin >> > > -- > Daniel Kulp > dk...@apache.org > http://www.dankulp.com/blog > > -- View this message in context: http://www.nabble.com/CXF-Client%3A-Software-caused-connection-abort%3A-recv-failed-tp25259046p25294876.html Sent from the cxf-user mailing list archive at Nabble.com.