On Fri, Apr 1, 2016 at 9:37 AM, Darshana Gunawardana <[email protected]>
wrote:

>
>
> On Friday, 1 April 2016, Malithi Edirisinghe <[email protected]> wrote:
>
>> Hi All,
>>
>> Seems we should not rely on system properties and expect the SSL
>> communication to happen. As it seems when the default SSLContext is being
>> initialized it reads the 'javax.net.ssl.keyStore' property and
>> initializes the key manager. If no property is found, it will initialize an
>> empty keystore. Once the default context is being initialized it seems to
>> be using the same key manager, irrespective of the property changes.
>> So as I understand, we need to initialize an SSLContext or change default
>> key and trust managers.
>>
>>
> You are referring that either
> * we need to initialize a new SSLContext at the place it communicates with
> mutual SSL or
> * Set the keystore and password in the server startup
>
> IMO, we should try the first approach and move forward with that if it's
> possible.
>

Actually I was saying either we should initialize a new SSLContext or we
should change the key manager and trust manager being set in the default
SSLContext without setting system properties at server startup. (We can get
the default context but not sure whether that instance is mutable. Need to
check on that).

>
> Thanks,
>
>
>> That should set the certificate and let the client communicate.
>>
>> Thanks,
>> Malithi.
>>
>> On Thu, Mar 31, 2016 at 5:39 PM, Malithi Edirisinghe <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> Mutual SSL worked when I start up the server by setting the key store
>>> and key store password as system properties explicitly.
>>>
>>> sh wso2server.sh -Djavax.net.debug=ssl:handshake:verbose -debug 5005
>>> -Djavax.net.ssl.keyStore=/Users/malithi/RNDSetups/opensaml-upgraded/wso2is-5.2.0-SNAPSHOT/repository/resources/security/wso2carbon.jks
>>> -Djavax.net.ssl.keyStorePassword=wso2carbon
>>>
>>>
>>> Seems it's getting overridden. Any idea?
>>>
>>> Thanks,
>>>
>>> Malithi
>>>
>>> On Thu, Mar 31, 2016 at 10:41 AM, Chandana Napagoda <[email protected]>
>>> wrote:
>>>
>>>> Hi Chamila,
>>>>
>>>> I can only see guava and commons version changes in between
>>>> carbon-registry 4.4.8 to 4.4.9.
>>>>
>>>> Regards,
>>>> Chandana
>>>>
>>>> On Thu, Mar 31, 2016 at 9:11 AM, Chamila Wijayarathna <[email protected]
>>>> > wrote:
>>>>
>>>>> Hi Malithi,
>>>>>
>>>>> I have observed the same issue by only updating carbon-registry from
>>>>> 4.4.8 to 4.4.9. So I believe this happens due to dependency changes
>>>>> occurring when doing that.
>>>>>
>>>>> Thank You!
>>>>>
>>>>> On Wed, Mar 30, 2016 at 11:36 PM, Malithi Edirisinghe <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> We have upgraded opensaml version from 2.4.1 to 2.6.4 in
>>>>>> carbon-identity 5.0.8. In order to build the product with this opensaml
>>>>>> upgrade we had to update carbon deployment version from 4.5.3 to 4.6.1 to
>>>>>> avoid wiring to opensaml older version.
>>>>>>
>>>>>> Along with this upgrade we had to upgrade below too.
>>>>>> carbon-kernel                       4.4.3 to 4.4.5
>>>>>> carbon-commons                 4.4.8 to 4.5.2
>>>>>> carbon-registry                     4.4.8 to 4.5.2
>>>>>> carbon-multitenancy            4.5.0 to 4.5.1
>>>>>> carbon-business-process    4.4.4 to 4.4.7
>>>>>> carbon-analytics-common   1.0.0  to 5.0.8
>>>>>> axiom                                   1.2.11.wso2v6 to 1.2.11.wso2v10
>>>>>> rampart                                1.6.1.wso2v16 to 1.6.1.wso2v19
>>>>>> jaggerjs                                0.12.2 to 0.12.3
>>>>>>
>>>>>> However, after this upgrade adding workflows fail, since the client
>>>>>> cannot authenticate to the BPELUploader service via mutual ssl.
>>>>>> This occurs as the client module fails to communicate the client
>>>>>> certificate.
>>>>>> But when I tried the same service for mutual ssl via soap ui and via
>>>>>> a third party client I wrote which uses the same stub packed, it worked.
>>>>>>
>>>>>> Highly appreciate any help.
>>>>>>
>>>>>> Thanks,
>>>>>> Malithi
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Malithi Edirisinghe*
>>>>>> Senior Software Engineer
>>>>>> WSO2 Inc.
>>>>>>
>>>>>> Mobile : +94 (0) 718176807
>>>>>> [email protected]
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Chamila Dilshan Wijayarathna,*
>>>>> Software Engineer
>>>>> Mobile:(+94)788193620
>>>>> WSO2 Inc., http://wso2.com/
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Chandana Napagoda*
>>>> Senior Software Engineer
>>>> WSO2 Inc. - http://wso2.org
>>>>
>>>> *Email  :  [email protected]*
>>>> *Mobile : +94718169299 <%2B94718169299>*
>>>>
>>>> *Blog  :    http://cnapagoda.blogspot.com
>>>> <http://cnapagoda.blogspot.com>*
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> *Malithi Edirisinghe*
>>> Senior Software Engineer
>>> WSO2 Inc.
>>>
>>> Mobile : +94 (0) 718176807
>>> [email protected]
>>>
>>
>>
>>
>> --
>>
>> *Malithi Edirisinghe*
>> Senior Software Engineer
>> WSO2 Inc.
>>
>> Mobile : +94 (0) 718176807
>> [email protected]
>>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
>
> *E-mail: [email protected] <[email protected]>*
> *Mobile: +94718566859 <%2B94718566859>*
> Lean . Enterprise . Middleware
>
>
Thanks,
Malithi

-- 

*Malithi Edirisinghe*
Senior Software Engineer
WSO2 Inc.

Mobile : +94 (0) 718176807
[email protected]
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
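
The first option discussed in this thread, building a dedicated SSLContext with explicit key and trust managers instead of relying on `javax.net.ssl.*` system properties, could look like the sketch below. This is an added example, not code from the thread or from WSO2; the class name, the environment variable names and the assumption that the key password equals the keystore password are all hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class MutualSslContextExample {

    // Load a JKS store from an explicit path instead of javax.net.ssl.* properties.
    static KeyStore loadStore(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);
        }
        return store;
    }

    // Build a context with its own key and trust managers. Nothing here reads
    // system properties, so it does not matter when or how the JVM default
    // context was initialized.
    static SSLContext buildContext(KeyStore keys, char[] keyPassword, KeyStore trust)
            throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java MutualSslContextExample <keystore.jks> <truststore.jks>
        // KEYSTORE_PASSWORD / TRUSTSTORE_PASSWORD are hypothetical variable names.
        char[] keyPass = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        char[] trustPass = System.getenv("TRUSTSTORE_PASSWORD").toCharArray();
        SSLContext ctx = buildContext(
                loadStore(args[0], keyPass), keyPass, loadStore(args[1], trustPass));
        // Per-client use: give this factory to the connection that must present
        // the client certificate. JVM-wide alternative: SSLContext.setDefault(ctx).
        SSLSocketFactory factory = ctx.getSocketFactory();
        System.out.println("Socket factory ready: " + factory.getClass().getName());
    }
}
```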
