[jira] [Resolved] (CXF-5302) SSL handshake exception on IBM AIX 6.1 with IBM JDK 7

Daniel Kulp (JIRA) Thu, 23 Mar 2017 09:46:04 -0700

     [ 
https://issues.apache.org/jira/browse/CXF-5302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Daniel Kulp resolved CXF-5302.
------------------------------
       Resolution: Cannot Reproduce
    Fix Version/s: Invalid

Marking "cannot reproduce" mostly because this issue is very old and I don't 
think any of us have access to AIX anymore to be able to even attempt to 
diagnose.  

> SSL handshake exception on IBM AIX 6.1 with IBM JDK 7
> -----------------------------------------------------
>
>                 Key: CXF-5302
>                 URL: https://issues.apache.org/jira/browse/CXF-5302
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-WS Runtime
>    Affects Versions: 2.7.6
>         Environment: IBM AIX 6.1, JDK version 7- IBM J9 VM (build 2.6, JRE 
> 1.7.0 AIX ppc64-64 20120322_106209 (JIT enabled, AOT enabled))
>            Reporter: Venkat Nalla
>              Labels: security
>             Fix For: Invalid
>
>
> I am testing CXF 2.7.6 on AIX 6.1 with IBM J9 JDK 7 JVM. The client and 
> server are on two different machines of same kind in both the cases IBM JVM 
> (same version) is used. Both the servers has trustore/keystores based on 
> Verisign signed certificates for the respective machines. 
> Server Side SSL Configuration:<httpj:engine-factory bus="cxf"> <httpj:engine 
> port="7643"> <httpj:tlsServerParameters secureSocketProtocol="SSL"> 
> <csec:trustManagers> <csec:keyStore type="JKS" password="..." 
> file="server.jks"/> </csec:trustManagers> <csec:keyManagers 
> keyPassword="..."> <csec:keyStore type="JKS" password="..." 
> file="server.jks"/> </csec:keyManagers> <csec:clientAuthentication 
> want="false" required="false"/> </httpj:tlsServerParameters> </httpj:engine> 
> </httpj:engine-factory>
> Client Side SSL Configuration:
> <http:conduit name="*.http-conduit"> <http:tlsClientParameters 
> disableCNCheck="true" secureSocketProtocol="SSL"> <sec:trustManagers> 
> <sec:keyStore type="JKS" password="..." file="client.jks"/> 
> </sec:trustManagers> </http:tlsClientParameters> </http:conduit>
> I am getting the following error:
> [java] Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: 
> Violated path length constraints [java] at com.ibm.jsse2.j.a(j.java:39) 
> [java] at com.ibm.jsse2.qc.a(qc.java:337) [java] at 
> com.ibm.jsse2.ab.a(ab.java:225) [java] at com.ibm.jsse2.ab.a(ab.java:162) 
> [java] at com.ibm.jsse2.bb.a(bb.java:352) [java] at 
> com.ibm.jsse2.bb.a(bb.java:13) [java] at com.ibm.jsse2.ab.r(ab.java:75) 
> [java] at com.ibm.jsse2.ab.a(ab.java:532) [java] at 
> com.ibm.jsse2.qc.a(qc.java:158) [java] at com.ibm.jsse2.qc.h(qc.java:272) 
> [java] at com.ibm.jsse2.qc.a(qc.java:234) [java] at 
> com.ibm.jsse2.qc.startHandshake(qc.java:8) [java] at 
> com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:111) [java] at 
> com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:18) [java] at 
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1099)
>  [java] at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:11) 
> [java] at 
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168)
>  [java] at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1278)
>  [java] at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
>  [java] at 
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>  [java] at 
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
>  [java] at 
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
>  [java] at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
>  [java] ... 16 more [java] Caused by: com.ibm.jsse2.util.h: Violated path 
> length constraints
> It works fine:
> 1) with IBM JDK 6 using spring configuration files shown above as well as 
> Oracle/Sun JDK 7 on windows 7 desktop.
> 2) When server.jks file is used on the client side configuration with IBM JDK 
> 7.
> 3)Works fine when the truststore is configured via system properties of java 
> client process using JDK 7:
> java -Dcxf.config.file=client.xml -Djavax.net.debug=all 
> -Djavax.net.ssl.trustStore=client.jks -Djavax.net.ssl.trustStorePassword=... 
> -Dhttps.protocols=SSLv3 com.mycomany.Client
> configuration file is without any SSL configuration as shown below 
> (client.xml): <http:conduit name="*.http-conduit">
> </http:conduit>



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Resolved] (CXF-5302) SSL handshake exception on IBM AIX 6.1 with IBM JDK 7

Reply via email to