Francesca Milan ha scritto:
Niklas Therning ha scritto:
Francesca Milan wrote:
SSLContextFactory was this class
http://www.koders.com/java/fid8F948DB894E85F952BCCCB5B305BF92F0BE19DF6.aspx?s=bougus
Niklas Therning ha scritto:
Francesca Milan wrote:
<snip/>
SSLFilter filter = new
SSLFilter(SSLContextFactory.getInstance(true));
I'm not familiar with the SSLContextFactory class. Is that something
you've developed yourself? What does getInstance() do?
Make sure the SSLEngine you're using isn't set to client mode.
Hmmm, ok. And your client? Is it using MINA? Maybe your client doesn't
trust the bogus certificate used by the server? What does the stack
trace of the exception you get look like? Is the exception thrown on the
client or server side? What MINA version are you using?
Hi ;-),
my java client use Mina (version 0.9.4) and in the SocketConnector's
SessionCreated method I add sslFilter to the session:
...
SSLFilter filter = new SSLFilter(SSLContextFactory.getInstance(false));
filter.setUseClientMode(true);
session.getFilterChain().addFirst("sslFilter", filter);
...
session.getFilterChain().addLast("protocolFilter", new
ProtocolCodecFilter(this.codecFactory));
...
I've tryed to change the adding filter order but I hadn't good result :-/
I'm using Mina 0.9.4 for client and server both.
Here there's my stack trace.
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
at
org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
at
org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
at
org.apache.mina.common.support.AbstractIoFilterChain$2.messageReceived(AbstractIoFilterChain.java:110)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)6172
[Handler] ERROR Log - Handler exceptionCaught, è stata chiusa
forzatamente la sessione: Initial SSL handshake failed.
at
org.apache.mina.common.support.AbstractIoFilterChain.messageReceived(AbstractIoFilterChain.java:492)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:285)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.access$4(SocketIoProcessor.java:234)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
Caused by: javax.net.ssl.SSLException: Received close_notify during
handshake
at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1462)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)[DUBUG
- Handler] Sessione chiusa
I've tryed to change some things and now in the SessionCreated method I do:
if (mode==RTMP.MODE_CLIENT) {
SSLFilter filter = new
SSLFilter(SSLContextFactory.getInstance(false));
filter.setUseClientMode(true);
session.getFilterChain().addLast("sslFilter", filter);
Log.info("Connector SSL ON");
session.getFilterChain().addLast("protocolFilter",
new ProtocolCodecFilter(codecFactory));
} else{
SSLFilter filter = new
SSLFilter(SSLContextFactory.getInstance(true));
filter.setUseClientMode(false);
session.getFilterChain().addLast("sslFilter", filter);
Log.info("Acceptor SSL ON");
session.getFilterChain().addLast("protocolFilter",
new ProtocolCodecFilter(codecFactory));
}
But now I have these exception (at server side):
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
at
org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
at
org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718)
at
org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475)953
[Handler] ERROR Log - Handler exceptionCaught, è stata chiusa
forzatamente la sessione: Initial SSL handshake failed.
at
org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429)
Caused by: javax.net.ssl.SSLException: Received fatal alert:
certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1486)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
at
org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:675)
at
org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:492)
at
org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:396)
... 6 more
And these (at client side):
javax.net.ssl.SSLHandshakeException: Initial SSL handshake failed.
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:428)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:501)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$5(AbstractIoFilterChain.java:495)
at
org.apache.mina.common.support.AbstractIoFilterChain$1.messageReceived(AbstractIoFilterChain.java:787)
at
org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:718)
at
org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:475)
at
org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:429)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
at javax.net.ssl.SSLEngine.wrap(Unknown Source)
at
org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:518)
at
org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:291)
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:396)
... 6 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown
Source)
at
org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:745)
at
org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:483)
... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path
validation failed: java.security.cert.CertPathValidatorException:
timestamp check failed
at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 16 more
Caused by: java.security.cert.CertPathValidatorException: timestamp
check failed
at
sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown
Source)
at
sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown
Source)
at
sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown
Source)
at java.security.cert.CertPathValidator.validate(Unknown Source)
... 23 more
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sun
Mar 11 00:59:59 CET 2007
at sun.security.x509.CertificateValidity.valid(Unknown Source)
at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
at
sun.security.provider.certpath.BasicChecker.verifyTimestamp(Unknown Source)
at sun.security.provider.certpath.BasicChecker.check(Unknown Source)
[DUBUG - Handler] Sessione chiusa
... 27 more
Note that the certificate isn't expired and that I use the same
certificate for server and client both. :-( :-( :-(
