[
https://issues.apache.org/jira/browse/QPIDJMS-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robbie Gemmell closed QPIDJMS-181.
----------------------------------
Resolution: Not A Bug
As mentioned on the users list, the exception shows the hostname verification
is failing. You need to ensure you connect to a hostname matching the details
presented by the server certificate, either by updating your client config or
the server certificate as appropriate, or else disable hostname verification
(obviously not recommended).
Closing this as 'not a bug' until there is evidence to consider otherwise.
> Cannot connect Qpid-Broker using the SSL
> ----------------------------------------
>
> Key: QPIDJMS-181
> URL: https://issues.apache.org/jira/browse/QPIDJMS-181
> Project: Qpid JMS
> Issue Type: Bug
> Components: qpid-jms-client
> Affects Versions: 0.9.0
> Environment: Windows7、jdk,the broker is in linux7.2
> Reporter: Steven
>
> The below link address is Qpid latest Client API
> Documentation,https://qpid.apache.org/releases/qpid-jms-0.9.0/docs/index.html,According
> to its configuration with ssl,My Connection URL is
> connectionfactory.qpidConnectionfactory =
> amqps://QpidServer:5673?transport.trustStoreLocation=F:/AMQP/QpidSSL/clientts.jks&transport.trustStorePassword=123456,It
> reported the following error:
> 2016-05-25 17:55:30,230 [main ] - ERROR JmsConnectionFactory
> - Failed to create JMS Provider instance for: amqps
> Caught exception, exiting.
> javax.jms.JMSException: Failed to create connection to:
> amqps://QpidServer:5673?transport.trustStoreLocation=F%253A%252FAMQP%252FQpidSSL%252Fclientts.jks&transport.trustStorePassword=123456
> at
> org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:66)
> at
> org.apache.qpid.jms.JmsConnectionFactory.createConnection(JmsConnectionFactory.java:172)
> at
> org.apache.qpid.jms.JmsConnectionFactory.createConnection(JmsConnectionFactory.java:161)
> at org.apache.qpid.jms.example.HelloWorld.test(HelloWorld.java:92)
> at org.apache.qpid.jms.example.HelloWorld.main(HelloWorld.java:73)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
> at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:927)
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:871)
> at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:827)
> at
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:228)
> at
> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:141)
> at
> io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:340)
> at
> io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:326)
> at
> io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:785)
> at
> io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:116)
> at
> io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:494)
> at
> io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:461)
> at
> io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:378)
> at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350)
> at
> io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:101)
> at java.lang.Thread.run(Unknown Source)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
> at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
> at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> at sun.security.ssl.Handshaker$1.run(Unknown Source)
> at sun.security.ssl.Handshaker$1.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)
> at
> io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:960)
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:891)
> ... 13 more
> Caused by: java.security.cert.CertificateException: No name matching
> QpidServer found
> at sun.security.util.HostnameChecker.matchDNS(Unknown Source)
> at sun.security.util.HostnameChecker.match(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
> ... 22 more
> If I was using the following connection URL:
> connectionfactory.qpidConnectionfactory =
> amqps://192.168.82.57:5673?transport.trustStoreLocation=F:/AMQP/QpidSSL/clientts.jks&transport.trustStorePassword=123456
> It reported the following error.
> 2016-05-25 18:32:19,094 [main ] - ERROR JmsConnectionFactory
> - Failed to create JMS Provider instance for: amqps
> Caught exception, exiting.
> javax.jms.JMSException: Failed to create connection to:
> amqps://192.168.82.57:5673?transport.trustStoreLocation=F%253A%252FAMQP%252FQpidSSL%252Fclientts.jks&transport.trustStorePassword=123456
> at
> org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:66)
> at
> org.apache.qpid.jms.JmsConnectionFactory.createConnection(JmsConnectionFactory.java:172)
> at
> org.apache.qpid.jms.JmsConnectionFactory.createConnection(JmsConnectionFactory.java:161)
> at org.apache.qpid.jms.example.HelloWorld.test(HelloWorld.java:92)
> at org.apache.qpid.jms.example.HelloWorld.main(HelloWorld.java:73)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
> at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:927)
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:871)
> at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:827)
> at
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:228)
> at
> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:141)
> at
> io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:340)
> at
> io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:326)
> at
> io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:785)
> at
> io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:116)
> at
> io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:494)
> at
> io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:461)
> at
> io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:378)
> at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350)
> at
> io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:101)
> at java.lang.Thread.run(Unknown Source)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
> at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
> at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> at sun.security.ssl.Handshaker$1.run(Unknown Source)
> at sun.security.ssl.Handshaker$1.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)
> at
> io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:960)
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:891)
> ... 13 more
> Caused by: java.security.cert.CertificateException: No subject alternative
> names present
> at sun.security.util.HostnameChecker.matchIP(Unknown Source)
> at sun.security.util.HostnameChecker.match(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
> ... 22 more
> but,I use the tcp to communicate with server,It can send message
> successfully.The connection URL:
> connectionfactory.qpidConnectionfactory =
> amqp://QpidServer:5672?jms.username=admin&jms.password=admin&transport.connectTimeout=30000
>
> I used the same truststore file and trustStorePassword with
> qpid-amqp-1.0-client-0.32,It can connect to broker successfully.By the way,I
> notice the connection factory SSL API changed between
> qpid-amqp-1.0-client-0.32 and qpid-jms-0.9.0 are different,
> In qpid-amqp-1.0-client-0.32 client API: It has the setSSL and setSSLContext
> method,but qpid-jms-0.9.0 connection factory api
> org.apache.qpid.jms.JmsConnectionFactory,It didn't have setSSL and
> setSSLContext method.
> I had made sure that there is nothing to do with SSL certificate
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
