On Friday, 1 April 2016, Malithi Edirisinghe <[email protected]> wrote:
> Hi All, > > Seems we should not rely on system properties and expect the SSL > communication to happen. As it seems when the default SSLContext is being > initialized it reads the 'javax.net.ssl.keyStore' property and > initializes the key manager. If no property found it will initialize an > empty keystore. Once the default context is being initialized it seems to > be using the same key manager, irrespective of the property changes. > So as I understand, we need to initialize an SSLContext or change default > key and trust managers. > > You are referring that either * we need to initialize a new SSLContext at the place it communicate with mutual SSL or * Set the keystore and password in the server startup IMO, we should try first approach and move farward with that if it's possible. Thanks, > That should set the certificate and let the client communicate. > > Thanks, > Malithi. > > On Thu, Mar 31, 2016 at 5:39 PM, Malithi Edirisinghe <[email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: > >> Hi All, >> >> Mutual SSL worked when I start up the server by setting the key store and >> key store password as system properties explicitly. >> >> sh wso2server.sh -Djavax.net.debug=ssl:handshake:verbose -debug 5005 >> -Djavax.net.ssl.keyStore=/Users/malithi/RNDSetups/opensaml-upgraded/wso2is-5.2.0-SNAPSHOT/repository/resources/security/wso2carbon.jks >> -Djavax.net.ssl.keyStorePassword=wso2carbon >> >> >> Seems it's getting override. Any idea ? >> >> Thanks, >> >> Malithi >> >> On Thu, Mar 31, 2016 at 10:41 AM, Chandana Napagoda <[email protected] >> <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: >> >>> Hi Chamila, >>> >>> I can only see guava and commons version changes in between >>> carbon-registry 4.4.8 to 4.4.9. >>> >>> Regards, >>> Chandana >>> >>> On Thu, Mar 31, 2016 at 9:11 AM, Chamila Wijayarathna <[email protected] >>> <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: >>> >>>> Hi Malithi, >>>> >>>> I have observed the same issue by only updating carbon-registry from >>>> 4.4.8 to 4.4.9. So I believe this happens due to dependency changes >>>> occurring when doing that. >>>> >>>> Thank You! >>>> >>>> On Wed, Mar 30, 2016 at 11:36 PM, Malithi Edirisinghe < >>>> [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');>> >>>> wrote: >>>> >>>>> Hi All, >>>>> >>>>> We have upgraded opensaml version from 2.4.1 to 2.6.4 in >>>>> carbon-identity 5.0.8. In order to build the product with this opensaml >>>>> upgrade we had to update carbon deployment version from 4.5.3 to 4.6.1 to >>>>> avoid wiring to opensaml older version. >>>>> >>>>> Along with this upgrade we had to upgrade below too. >>>>> carbon-kernel 4.4.3 to 4.4.5 >>>>> carbon-commons 4.4.8 to 4.5.2 >>>>> carbon-registry 4.4.8 to 4.5.2 >>>>> carbon-multitenancy 4.5.0 to 4.5.1 >>>>> carbon-business-process 4.4.4 to 4.4.7 >>>>> carbon-analytics-common 1.0.0 to 5.0.8 >>>>> axiom 1.2.11.wso2v6 to 1.2.11.wso2v10 >>>>> rampart 1.6.1.wso2v16 to 1.6.1.wso2v19 >>>>> jaggerjs 0.12.2 to 0.12.3 >>>>> >>>>> However, after this upgrade adding workflows fail, since the client >>>>> cannot authenticate to the BPELUploader service via mutual ssl. >>>>> This occurs as the client module fails to communicate the client >>>>> certificate. >>>>> But when I tried the same service for mutual ssl via soap ui and via a >>>>> third party client I wrote which uses the same stub packed, it worked. >>>>> >>>>> Highly appreciate any help. >>>>> >>>>> Thanks, >>>>> Malithi >>>>> >>>>> -- >>>>> >>>>> *Malithi Edirisinghe* >>>>> Senior Software Engineer >>>>> WSO2 Inc. >>>>> >>>>> Mobile : +94 (0) 718176807 >>>>> [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');> >>>>> >>>> >>>> >>>> >>>> -- >>>> *Chamila Dilshan Wijayarathna,* >>>> Software Engineer >>>> Mobile:(+94)788193620 >>>> WSO2 Inc., http://wso2.com/ >>>> >>> >>> >>> >>> -- >>> *Chandana Napagoda* >>> Senior Software Engineer >>> WSO2 Inc. - http://wso2.org >>> >>> *Email : [email protected] >>> <javascript:_e(%7B%7D,'cvml','[email protected]');>**Mobile : >>> +94718169299 <%2B94718169299>* >>> >>> *Blog : http://cnapagoda.blogspot.com >>> <http://cnapagoda.blogspot.com>* >>> >>> >> >> >> -- >> >> *Malithi Edirisinghe* >> Senior Software Engineer >> WSO2 Inc. >> >> Mobile : +94 (0) 718176807 >> [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');> >> > > > > -- > > *Malithi Edirisinghe* > Senior Software Engineer > WSO2 Inc. > > Mobile : +94 (0) 718176807 > [email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');> > -- Regards, *Darshana Gunawardana*Senior Software Engineer WSO2 Inc.; http://wso2.com *E-mail: [email protected] <[email protected]>* *Mobile: +94718566859*Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
