Andrew Feller wrote: > > Marc, > Can you post the error message you are receiving? > Thanks andrew > ->on the client log (with ssl.debug=all) you can see(remark i use > *.domain.fr): > -------LOG----- > -adding as trusted cert: > Subject: CN=*.domain.fr, OU=Essec, O=essec, L=cergy, ST=valdoise, C=fr > Issuer: CN=*.domain.fr, OU=Essec, O=essec, L=cergy, ST=valdoise, C=fr > Algorithm: RSA; Serial number: 0xe6843314426084ec > Valid from Fri Mar 13 14:55:03 CET 2009 until Sat Mar 13 14:55:03 CET 2010 > > and few lines after: > TP-Processor8, received EOFException: error > TP-Processor8, handling exception: javax.net.ssl.SSLHandshakeException: > Remote host closed connection during handshake > TP-Processor8, SEND TLSv1 ALERT: fatal, description = handshake_failure > TP-Processor8, WRITE: TLSv1 Alert, length = 2 > [Raw write]: length = 7 > 0000: 15 03 01 00 02 02 28 ......( > TP-Processor8, called closeSocket() > [ERROR,Cas20ServiceTicketValidator,TP-Processor8] > javax.net.ssl.SSLHandshakeException: Remote host closed connection during > handshake > javax.net.ssl.SSLHandshakeException: Remote host closed connection during > handshake > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096) > ... > caused by: > Caused by: java.io.EOFException: SSL peer shut down incorrectly > at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789) > ... 47 more > ----LOG-- > > It seems you are > front-ending Apache Tomcat with Apache HTTPD, correct? > ->yes no apr possible for the moment ... > and yes i use mod jk frontend > the CA have been installed with the installCert jasig code in the cacert > jvm file. > and i can confirm the ticket if if put the ssl request from a std > navigator or in a stupid java client(using same jvm ) > who request the ssl and get the reponse > > Regards > Marc > > > > A- > > > On 3/16/09 8:18 AM, "killbulle" <[email protected]> wrote: > >> >> hi the list >> i'am sorry to ask the list for a perhaps a stupid ssl problem >> i'have a spring security client who fail to validate in the cas ticket >> validator >> with the Remote host closed connection during handshake during validation >> i can certify that the certicate is trusted(in cacert)as i can call the >> validation with a stupid ssl client on the same jvm, >> and in the ssl.debug log ni can see it >> The problem can also come from my certifacte cn wich is like >> *.cas.mydomain.fr >> note that i also use modjk (for historic reason...) >> i've found some post about useStrictHostNameChecking , but i don't know >> if >> this peroerty still exist in cas-client >> regards >> Marc > > -- > Andrew Feller, Analyst > LSU University Information Services > 200 Frey Computing Services Center > Baton Rouge, LA 70803 > Office: 225.578.3737 > Fax: 225.578.6400 > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > >
-- View this message in context: http://www.nabble.com/SSL-Remote-host-closed-connection-during-handshake-during-validation-tp22537967p22539874.html Sent from the CAS Users mailing list archive at Nabble.com. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
