Status: New
Owner: ----
Labels: Type-Defect Priority-Medium Component-Sip-Servlets MSS-2.1.0.FINAL Roadmap-Fix
New issue 191 by [email protected]: TLS failing when missing keystore type
http://code.google.com/p/sipservlets/issues/detail?id=191
TLS fails when running Mobicents 2.0.0.FINAL. Running the command:
openssl s_client -host 135.105.129.109 -port 5081
just sits saying:
CONNECTED(00000003)
the server threw:
06:54:49,942 ERROR [gov.nist.javax.sip.stack.NioTcpMessageProcessor] (NioSelector-TLS-0.0.0.0/5081) Problem processing selection key event: java.io.IOException: Can't do TLS init
    at gov.nist.javax.sip.stack.NioTlsMessageChannel.<init>(NioTlsMessageChannel.java:76) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    at gov.nist.javax.sip.stack.NioTlsMessageChannel.create(NioTlsMessageChannel.java:59) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    at gov.nist.javax.sip.stack.NioTlsMessageProcessor.createMessageChannel(NioTlsMessageProcessor.java:36) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    at gov.nist.javax.sip.stack.NioTcpMessageProcessor$ProcessorTask.accept(NioTcpMessageProcessor.java:213) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    at gov.nist.javax.sip.stack.NioTcpMessageProcessor$ProcessorTask.run(NioTcpMessageProcessor.java:306) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    at java.lang.Thread.run(Thread.java:679) [rt.jar:1.6.0_24]
Caused by: java.lang.NullPointerException
    at gov.nist.javax.sip.stack.NioTlsMessageChannel.init(NioTlsMessageChannel.java:84) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    at gov.nist.javax.sip.stack.NioTlsMessageChannel.<init>(NioTlsMessageChannel.java:73) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    ... 5 more
Turning on debugging revealed:
06:54:29,935 DEBUG [gov.nist.javax.sip.stack.NioTlsMessageProcessor] (MSC service thread 1-7) TLS initialization failed due to NULL security config
and before that:
06:54:24,654 DEBUG [gov.nist.core.net.DefaultSecurityManagerProvider] (MSC service thread 1-8) Security manager not specified, TLS settings will be inactive
This error causes DefaultSecurityManagerProvider to exit before initializing when the javax.net.ssl.keyStoreType is not defined.
DefaultSecurityManagerProvider.init(Properties properties)
    ...
    if(keyStoreType == null) {
        logger.logDebug("Security manager not specified, TLS settings will be inactive");
        return;
    }
I solved this by adding -Djavax.net.ssl.keyStoreType="jks" to my startup line which ended up looking something like ==>
./standalone.sh -c standalone-sip.xml -Djavax.net.ssl.trustStore="xxx" \
    -Djavax.net.ssl.trustStorePassword="xxx" -Djavax.net.ssl.keyStore="xxx" \
    -Djavax.net.ssl.keyStorePassword="xxx" -Djavax.net.ssl.keyStoreType="jks"
The user guide does not mention adding the keyStoreType, which normally defaults to jks anyway. If this does need to be specified, it may be helpful to have a clearer log indicating the missing property.
I am using Ubuntu 12.04 and had an additional TLS problem with open-jdk-6-jdk. When turning on the ssl debug, I was getting a CKR_DOMAIN_PARAMS_INVALID. I solved this by following https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1006776 and disabling this in java.security:
#security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
Probably not the right fix and this is not a mobicents issue.
TLS seems good now.
Thanks,
Tim
--
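
A pre-flight check for the startup line in the report above, as an added example that is not part of the original report or of Mobicents. It names each missing javax.net.ssl.* property before launch, so the gap is not left to a DEBUG line and a later "Can't do TLS init". The function names are hypothetical, and it assumes the five properties from the report's working command line are all required and all passed as -D arguments (properties set elsewhere are not seen).

```shell
#!/bin/sh
# Added example, not Mobicents code. Function names are hypothetical.
# Assumption: the required set is the five properties on the working
# command line in the report, all passed as -D arguments.
REQUIRED_TLS_PROPS="javax.net.ssl.keyStore javax.net.ssl.keyStorePassword
javax.net.ssl.keyStoreType javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword"

# Print each required property that is absent from the argument list or
# has an empty value, one per line. Prints nothing when all are present.
missing_tls_props() {
    for prop in $REQUIRED_TLS_PROPS; do
        found=no
        for arg in "$@"; do
            case "$arg" in
                "-D$prop="?*) found=yes ;;   # "=" keeps keyStore from matching keyStoreType
            esac
        done
        [ "$found" = yes ] || printf '%s\n' "$prop"
    done
}

# Return 0 when every property is set; otherwise name each missing one on
# stderr and return 1 so a wrapper can refuse to start the server.
check_tls_args() {
    missing=$(missing_tls_props "$@")
    [ -n "$missing" ] || return 0
    for prop in $missing; do
        echo "TLS pre-flight: -D$prop is missing or empty" >&2
    done
    return 1
}

# Constructed sample: the report's startup line before keyStoreType was
# added (paths and passwords are placeholders).
check_tls_args -c standalone-sip.xml \
    -Djavax.net.ssl.trustStore=/path/to/trust.jks \
    -Djavax.net.ssl.trustStorePassword=placeholder \
    -Djavax.net.ssl.keyStore=/path/to/key.jks \
    -Djavax.net.ssl.keyStorePassword=placeholder \
    || echo "refusing to start: TLS properties incomplete"

# In a wrapper script: check_tls_args "$@" && exec ./standalone.sh "$@"
```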