StartTLS is a general mechanism that allows you to (re)initiate an SSL session. There's no standard for how we initiate an SSL session in StartTLS, but the following is typical:
* Client asks for an SSL session to the server (plain text message)
* Server prepares for an SSL session and responds to the client that it's ready (plain text message)
* Client initiates an SSL session (SSL part from here...)
So.. you need to have some agreement on what message to exchange between
the client and the server to initiate an SSL session. In the
ConnectorTest, I used '.' as the initiation request message, and I think
you will want something more meaningful instead of '.'.
HTH,
Trustin
On 2008-02-19 (Tue), 23:38 +0800, Kok Hoor (GMail) wrote:
> Hi all,
>
> I am using Mina 1.1.6 (downloaded the binary release, I don't Maven too
> well), and am using org.apache.mina.example.echoserver.ConnectorTest to
> connect to the echo server, both set up using SSL.
>
> I have noticed however, in the ConnectorTest.java, the following restart SSL
> fails:
>
> connectorSSLFilter.startSSL(session);
>
> As it will cause a 'javax.net.ssl.SSLProtocolException:Illegal client
> handshake msg, 1' exception to be thrown.
>
> I looked around the ConnectorTest and discovered that it sends a single-byte
> message containing '.' before it calls startSSL. Therefore, I played around
> a bit, and modified the echoserver handler to call startSSL when the '.' is
> received. Amazingly it works, though I doubt I am doing this correctly. The
> modified messageReceived function in EchoProtocolHandler is below:
>
> <code>
> public void messageReceived(IoSession session, Object message) throws Exception {
>     ...
>     ByteBuffer rb = (ByteBuffer) message;
>     // if message received is single-byte '.', then reply with '.', and startSSL.
>     if ( rb.remaining() == 1 && rb.get() == '.' )
>     {
>         // reply '.' in plain text and wait for the write to complete
>         ByteBuffer wb = ByteBuffer.allocate(1);
>         wb.put((byte)'.');
>         wb.flip();
>         session.write(wb).join();
>
>         // look up the SSLFilter attached to this session
>         SSLHandler handler = (SSLHandler)
>             session.getAttribute(SSLFilter.class.getName() + ".SSLHandler");
>         SSLFilter filter = handler.getParent();
>         // switch this side to SSL only if it is not already started
>         if ( !filter.isSSLStarted(session) )
>         {
>             log.info( "Restarting SSL" );
>             filter.startSSL(session);
>         }
>
>         return;
>     }
>     ...
> }
> </code>
>
> My question is:
>
> 1) Is this the right way to do things?
> 2) If it is correct, do I need the join in 'session.write(wb).join();', or
> should I not wait for the join to prevent server from not being able to
> properly parse startSSL message from the client?
>
> Thanks in advance.
>
> Regards,
> Kok Hoor
>
--
Trustin Lee - Principal Software Engineer, JBoss, Red Hat
--
what we call human nature is actually human habit
--
http://gleamynode.net/
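The three-step exchange Trustin describes, together with the failure Kok Hoor hit when the echo server never switched modes, as a constructed simulation in Python. This is an added example, not MINA code and not anything from the thread: `Endpoint`, `Frame`, `run_exchange` and the "plain"/"handshake"/"record" frame kinds are assumptions of the model. Each side only tracks whether it has switched to TLS (the role `SSLFilter.isSSLStarted()` plays in the quoted handler), and a side still in plaintext mode rejects anything that is not cleartext, which is the situation behind the "Illegal client handshake msg" exception.

```python
# Constructed simulation of the StartTLS negotiation pattern from the thread.
# It does not use MINA; Endpoint only models the plaintext/TLS mode switch that
# SSLFilter.startSSL() performs on one side of a connection, so the ordering
# rules can be exercised offline. All names here are assumptions of the model.
from collections import deque
from dataclasses import dataclass, field

STARTTLS_REQUEST = b"."   # the single-byte request ConnectorTest sends
STARTTLS_READY = b"."     # the plaintext acknowledgement the server sends back


class ProtocolError(Exception):
    """Raised when a peer receives data its current mode cannot parse."""


@dataclass
class Frame:
    kind: str        # "plain" (cleartext), "handshake" (ClientHello), "record" (TLS record)
    payload: bytes


@dataclass
class Endpoint:
    name: str
    tls_started: bool = False                    # analogue of SSLFilter.isSSLStarted(session)
    outbox: deque = field(default_factory=deque)
    trace: list = field(default_factory=list)

    def write(self, data: bytes) -> None:
        # Analogue of session.write(): bytes written after start_tls() leave as TLS records.
        kind = "record" if self.tls_started else "plain"
        self.outbox.append(Frame(kind, data))

    def start_tls(self) -> None:
        # Analogue of SSLFilter.startSSL(): switch this side to TLS mode.
        self.tls_started = True

    def send_client_hello(self) -> None:
        # First handshake message; only meaningful once start_tls() has been called.
        self.outbox.append(Frame("handshake", b"ClientHello"))

    def receive(self, frame: Frame) -> bytes:
        # A side still in plaintext mode cannot interpret handshake or record frames;
        # this is the "Illegal client handshake msg" situation from the thread.
        if not self.tls_started and frame.kind != "plain":
            raise ProtocolError(f"{self.name}: {frame.kind} data while still in plaintext mode")
        if self.tls_started and frame.kind == "plain":
            raise ProtocolError(f"{self.name}: plaintext after TLS was started")
        self.trace.append((frame.kind, frame.payload))
        return frame.payload


def deliver(src: Endpoint, dst: Endpoint) -> None:
    """Move every queued frame from src to dst, in order."""
    while src.outbox:
        dst.receive(src.outbox.popleft())


def server_handles_request(server: Endpoint, reply_before_switch: bool) -> None:
    """Server-side StartTLS step: acknowledge in plaintext, then switch modes."""
    if reply_before_switch:
        server.write(STARTTLS_READY)    # the ready message must leave in cleartext...
        server.start_tls()              # ...before this side switches to TLS
    else:
        server.start_tls()
        server.write(STARTTLS_READY)    # wrong order: the ready message becomes a TLS record


def run_exchange(server_switches: bool = True, reply_before_switch: bool = True) -> str:
    """Drive one StartTLS negotiation and return 'secured' or the error text."""
    client, server = Endpoint("client"), Endpoint("server")
    try:
        # Step 1: the client asks for an SSL session (plaintext).
        client.write(STARTTLS_REQUEST)
        data = server.receive(client.outbox.popleft())
        # Step 2: the server prepares and acknowledges (plaintext); a plain echo
        # server, as in the thread, just echoes the byte back without switching.
        if data == STARTTLS_REQUEST and server_switches:
            server_handles_request(server, reply_before_switch)
        else:
            server.write(data)
        deliver(server, client)          # client reads the acknowledgement
        # Step 3: the client switches and starts the handshake.
        client.start_tls()
        client.send_client_hello()
        deliver(client, server)
    except ProtocolError as exc:
        return str(exc)
    return "secured" if client.tls_started and server.tls_started else "plaintext"


if __name__ == "__main__":
    print("agreed exchange:      ", run_exchange())
    print("server never switches:", run_exchange(server_switches=False))
    print("switch before reply:  ", run_exchange(reply_before_switch=False))
```

The second scenario reproduces the thread's original failure: the client calls the equivalent of `startSSL` while the peer is still an ordinary echo server, so its ClientHello arrives at a side in plaintext mode. The third scenario is the ordering that question 2 in the quoted mail is about: in the model, the acknowledgement has to be written before the server switches modes, otherwise the still-plaintext client receives a TLS record it cannot read.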
