Any chance you could create a small testcase that shows the issue. Maybe modify the https sample or something? If I can get a testcase, I can definitely dig into it more and figure out what is going on. You can send it to me privately to [EMAIL PROTECTED] to avoid the apache filters that tend to strip attachments.
Dan On Tuesday 01 April 2008, Brendan Maguire (brmaguir) wrote: > Thanks for the reply Daniel. > > I tried using the 2.0.5 libraries but am still getting the exact same > errors. > > Am I setting it up correctly using the cxf.xml file? Any other ideas > on what the problem could be? > > Cheers, > Brenan > > -----Original Message----- > From: Daniel Kulp [mailto:[EMAIL PROTECTED] > Sent: 27 March 2008 18:38 > To: [email protected] > Cc: Brendan Maguire (brmaguir) > Subject: Re: Problems in using TLS > > > I don't suppose there would be any chance of you trying the 2.0.5 > stuff we're voting on? > http://people.apache.org/~dkulp/stage_cxf/2.0.5-incubator/ > > I made some changes to the TLS stuff in 2.0.5 to make it work better > and with less configuration. > > Dan > > On Thursday 27 March 2008, brmaguir wrote: > > Hey, > > > > I'm trying to communicate with a web service using Apache CXF using > > TLS. When I specify TLS in the cxf.xml file using: > > > > <http-conf:tlsClientParameters > > secureSocketProtocol="TLS"> <sec:trustManagers> > > <sec:keyStore password="password" > > url="file:\C:/path/to/keystore"/> </sec:trustManagers> > > <sec:cipherSuitesFilter> > > <sec:include>.*.*.</sec:include> > > </sec:cipherSuitesFilter> > > </http-conf:tlsClientParameters> > > > > it is failing with the following error: > > > > 27-Mar-2008 11:06:03 org.apache.cxf.phase.PhaseInterceptorChain > > doIntercept INFO: Interceptor has thrown exception, unwinding now > > org.apache.cxf.interceptor.Fault: Connection reset > > at > > org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writePa > >rt s(AbstractOutDat abindingInterceptor.java:75) > > at > > org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutI > >nt erceptor.java:68 ) > > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercep > >to rChain.java:207) at > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254) at > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:205) at > > org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) > > at > > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:1 > >35 ) at $Proxy35.login(Unknown Source) > > at thirdPartyAPI.test.Test.loginAppuser(Test.java:135) > > at thirdPartyAPI.test.Test.main(Test.java:61) > > Caused by: com.ctc.wstx.exc.WstxIOException: Connection reset > > at > > com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313) > > > at > > org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writePa > >rt s(AbstractOutDat abindingInterceptor.java:73) > > ... 9 more > > Caused by: java.net.SocketException: Connection reset > > at java.net.SocketInputStream.read(Unknown Source) > > at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown > > Source) > > > at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown > > Source) at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(U > >nk nown Source) > > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown > > > Source) > > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown > > > Source) > > at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown > > Source) at > > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connec > >t( Unknown Source) > > at > > sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown > > Source) > > at > > sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Un > >kn own Source) > > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handle > >He adersTrustCachin g(HTTPConduit.java:1766) > > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirs > >tW rite(HTTPConduit .java:1734) > > at > > org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedO > >ut putStream.java:4 2) > > at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96) > > at > > com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214 > >) at > > com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311) > > ... 10 more > > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: > > Connection reset > > at > > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:1 > >75 ) at $Proxy35.login(Unknown Source) > > at thirdPartyAPI.test.Test.loginAppuser(Test.java:135) > > at thirdPartyAPI.test.Test.main(Test.java:61) > > Caused by: org.apache.cxf.interceptor.Fault: Connection reset > > at > > org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writePa > >rt s(AbstractOutDat abindingInterceptor.java:75) > > at > > org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutI > >nt erceptor.java:68 ) > > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercep > >to rChain.java:207) at > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254) at > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:205) at > > org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) > > at > > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:1 > >35 ) ... 3 more > > Caused by: com.ctc.wstx.exc.WstxIOException: Connection reset > > at > > com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313) > > > at > > org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writePa > >rt s(AbstractOutDat abindingInterceptor.java:73) > > ... 9 more > > Caused by: java.net.SocketException: Connection reset > > at java.net.SocketInputStream.read(Unknown Source) > > at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown > > Source) > > > at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown > > Source) at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(U > >nk nown Source) > > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown > > > Source) > > at > > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown > > > Source) > > at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown > > Source) at > > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connec > >t( Unknown Source) > > at > > sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown > > Source) > > at > > sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Un > >kn own Source) > > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handle > >He adersTrustCachin g(HTTPConduit.java:1766) > > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirs > >tW rite(HTTPConduit .java:1734) > > at > > org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedO > >ut putStream.java:4 2) > > at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96) > > at > > com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214 > >) at > > com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311) > > ... 10 more > > > > > > When I look at the trace in wireshark it shows the outgoing message > > from the CXF client as been SSLv2. The server then sends back a TCP > > RST. I've also tried using "TLSv1" and "SSLv3" as the protocol but > > the > > > > client uses SSLv2 regardless. > > > > I've also tried specifying the protocol via the code using: > > > > Client c = ClientProxy.getClient(port); > > HTTPConduit conduit = (HTTPConduit) c.getConduit(); > > TLSClientParameters params = > > conduit.getTlsClientParameters(); > > > params.setSecureSocketProtocol("TLS"); > > conduit.setTlsClientParameters(params); > > > > This still makes no difference. > > > > Any ideas on what's going wrong / how to fix it? Any help would be > > greatly appreciated. > > > > Regards, > > Brendan > > -- > J. Daniel Kulp > Principal Engineer, IONA > [EMAIL PROTECTED] > http://www.dankulp.com/blog -- J. Daniel Kulp Principal Engineer, IONA [EMAIL PROTECTED] http://www.dankulp.com/blog
