-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dan,
On 1/29/16 3:55 PM, Hrivnak, Dan wrote: > In case anyone was following this or seeing similar issues, I was > able to track it down. When debugging into the Axis library code > itself I was able to see one more frame of the stack trace > (java.security.InvalidAlgorithmParameterException: parameter > object not a ECParameterSpec) before it got swallowed up, which led > me to this article: > http://iwang.github.io/support/2014/03/14/cxf-cause-https-error.html > > > > Basically, my classpath had a version of the bouncycastle library > meant for JDK 1.4, causing the issue with the ECDH key exchange > during the TLS handshake. Removing it solved the problem! Oh, man. That'll definitely do it. > Now, in case you are still reading, I can explain why the problem > only appeared in the context of running inside Tomcat. Looking at > the maven dependency tree to see where bouncycastle for JDK 1.4 > came from, I learned that jfreechart listed it as a dependency. Nice! I'm always careful to make sure that all my charts are encrypted, so it's great that jFreeChart pulls BC as a dependency. (WTF? ) > Axis, on the other hand, listed bouncycastle for JDK 1.5+ in its > transitive dependencies. Since my unit test was inside a module > that wasn’t concerned with jfreechart, its classpath only had the > newer bouncycastle library. But Tomcat, since its classpath > contained everything my entire application cared about, had both > versions of bouncycastle. And apparently the classloader decided to > pick up the old one at runtime. Heisenbugs all the way down. > The moral of the story is that Byteman will be a great tool to > keep handy for times when a stack trace is dropped on the floor by > code you don’t control. Looks like a handy tool, especially being able to predictably stall programs for multi-threaded testing. Force the JVM to behave like those theoretical "thread A does this then thread B does this" interleave diagrams that show the potential for deadlock/whatever? Sweet . I'm glad you got to the bottom of this. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlar6PcACgkQ9CaO5/Lv0PBd9wCgrN/jOVqqiTazXN5YSKvUn2hh l1sAnjcD9/pwcZyAcz2yb6Bw7wSJGHG+ =cNHp -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
