Hi,
I am testing CXF 2.7.6 on AIX 6.1 with IBM J9 JDK 7 JVM. The client and server are on two different machines of same kind in both the cases IBM JVM (same version) are used. Both the servers have trustore/keystores based on VeriSign signed certificates for the respective machines. Server Side SSL Configuration: <httpj:engine-factory bus="cxf"> <httpj:engine port="7643"> <httpj:tlsServerParameters secureSocketProtocol="SSL"> <csec:trustManagers> <csec:keyStore type="JKS" password="..." file="server.jks"/> </csec:trustManagers> <csec:keyManagers keyPassword="..."> <csec:keyStore type="JKS" password="..." file="server.jks"/> </csec:keyManagers> <csec:clientAuthentication want="false" required="false"/> </httpj:tlsServerParameters> </httpj:engine> </httpj:engine-factory> Client Side SSL Configuration: <http:conduit name="*.http-conduit"> <http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="SSL"> <sec:trustManagers> <sec:keyStore type="JKS" password="..." file="client.jks"/> </sec:trustManagers> </http:tlsClientParameters> </http:conduit> I am getting the following error: [java] Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: Violated path length constraints[java] at com.ibm.jsse2.j.a(j.java:39) [java] at com.ibm.jsse2.qc.a(qc.java:337) [java] at com.ibm.jsse2.ab.a(ab.java:225) [java] at com.ibm.jsse2.ab.a(ab.java:162) [java] at com.ibm.jsse2.bb.a(bb.java:352) [java] at com.ibm.jsse2.bb.a(bb.java:13) [java] at com.ibm.jsse2.ab.r(ab.java:75) [java] at com.ibm.jsse2.ab.a(ab.java:532) [java] at com.ibm.jsse2.qc.a(qc.java:158) [java] at com.ibm.jsse2.qc.h(qc.java:272) [java] at com.ibm.jsse2.qc.a(qc.java:234) [java] at com.ibm.jsse2.qc.startHandshake(qc.java:8) [java] at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:111) [java] at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:18) [java] at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1099) [java] at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:11) [java] at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)[java] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)[java] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234) [java]at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)[java] at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47) [java] at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69) [java] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291) [java] ... 16 more [java] Caused by: com.ibm.jsse2.util.h: Violated path length constraints It works fine: 1) with IBM JDK 6 using spring configuration files shown above as well as Oracle/Sun JDK 7 on windows 7 desktop. 2) When server.jks file is used on the client side configuration with IBM JDK 7. 3) Works fine when the truststore is configured via system properties of java client process using JDK 7: java -Dcxf.config.file=client.xml -Djavax.net.debug=all -Djavax.net.ssl.trustStore=client.jks -Djavax.net.ssl.trustStorePassword=... -Dhttps.protocols=SSLv3 com.mycomany.Client configuration file is without any SSL configuration as shown below (client.xml): <http:conduit name="*.http-conduit"> </http:conduit> Thanks, Venkat
