Steven created QPIDJMS-181: ------------------------------ Summary: Cannot connect Qpid-Broker using the SSL Key: QPIDJMS-181 URL: https://issues.apache.org/jira/browse/QPIDJMS-181 Project: Qpid JMS Issue Type: Bug Components: qpid-jms-client Affects Versions: 0.9.0 Environment: Windows7、jdk,the broker is in linux7.2 Reporter: Steven
The below link address is Qpid latest Client API Documentation,https://qpid.apache.org/releases/qpid-jms-0.9.0/docs/index.html,According to its configuration with ssl,My Connection URL is connectionfactory.qpidConnectionfactory = amqps://QpidServer:5673?transport.trustStoreLocation=F:/AMQP/QpidSSL/clientts.jks&transport.trustStorePassword=123456,It reported the following error: 2016-05-25 17:55:30,230 [main ] - ERROR JmsConnectionFactory - Failed to create JMS Provider instance for: amqps Caught exception, exiting. javax.jms.JMSException: Failed to create connection to: amqps://QpidServer:5673?transport.trustStoreLocation=F%253A%252FAMQP%252FQpidSSL%252Fclientts.jks&transport.trustStorePassword=123456 at org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:66) at org.apache.qpid.jms.JmsConnectionFactory.createConnection(JmsConnectionFactory.java:172) at org.apache.qpid.jms.JmsConnectionFactory.createConnection(JmsConnectionFactory.java:161) at org.apache.qpid.jms.example.HelloWorld.test(HelloWorld.java:92) at org.apache.qpid.jms.example.HelloWorld.main(HelloWorld.java:73) Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Handshaker.checkThrown(Unknown Source) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) at javax.net.ssl.SSLEngine.unwrap(Unknown Source) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:927) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:871) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:827) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:228) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:141) at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:340) at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:326) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:785) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:116) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:494) at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:461) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:378) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350) at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:101) at java.lang.Thread.run(Unknown Source) Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker$1.run(Unknown Source) at sun.security.ssl.Handshaker$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:960) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:891) ... 13 more Caused by: java.security.cert.CertificateException: No name matching QpidServer found at sun.security.util.HostnameChecker.matchDNS(Unknown Source) at sun.security.util.HostnameChecker.match(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ... 22 more If I was using the following connection URL: connectionfactory.qpidConnectionfactory = amqps://192.168.82.57:5673?transport.trustStoreLocation=F:/AMQP/QpidSSL/clientts.jks&transport.trustStorePassword=123456 It reported the following error. 2016-05-25 18:32:19,094 [main ] - ERROR JmsConnectionFactory - Failed to create JMS Provider instance for: amqps Caught exception, exiting. javax.jms.JMSException: Failed to create connection to: amqps://192.168.82.57:5673?transport.trustStoreLocation=F%253A%252FAMQP%252FQpidSSL%252Fclientts.jks&transport.trustStorePassword=123456 at org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:66) at org.apache.qpid.jms.JmsConnectionFactory.createConnection(JmsConnectionFactory.java:172) at org.apache.qpid.jms.JmsConnectionFactory.createConnection(JmsConnectionFactory.java:161) at org.apache.qpid.jms.example.HelloWorld.test(HelloWorld.java:92) at org.apache.qpid.jms.example.HelloWorld.main(HelloWorld.java:73) Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Handshaker.checkThrown(Unknown Source) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) at javax.net.ssl.SSLEngine.unwrap(Unknown Source) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:927) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:871) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:827) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:228) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:141) at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:340) at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:326) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:785) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:116) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:494) at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:461) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:378) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350) at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:101) at java.lang.Thread.run(Unknown Source) Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker$1.run(Unknown Source) at sun.security.ssl.Handshaker$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:960) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:891) ... 13 more Caused by: java.security.cert.CertificateException: No subject alternative names present at sun.security.util.HostnameChecker.matchIP(Unknown Source) at sun.security.util.HostnameChecker.match(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ... 22 more but,I use the tcp to communicate with server,It can send message successfully.The connection URL: connectionfactory.qpidConnectionfactory = amqp://QpidServer:5672?jms.username=admin&jms.password=admin&transport.connectTimeout=30000 I used the same truststore file and trustStorePassword with qpid-amqp-1.0-client-0.32,It can connect to broker successfully.By the way,I notice the connection factory SSL API changed between qpid-amqp-1.0-client-0.32 and qpid-jms-0.9.0 are different, In qpid-amqp-1.0-client-0.32 client API: It has the setSSL and setSSLContext method,but qpid-jms-0.9.0 connection factory api org.apache.qpid.jms.JmsConnectionFactory,It didn't have setSSL and setSSLContext method. I had made sure that there is nothing to do with SSL certificate -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org