Steven created QPIDJMS-181:
------------------------------
Summary: Cannot connect Qpid-Broker using the SSL
Key: QPIDJMS-181
URL: https://issues.apache.org/jira/browse/QPIDJMS-181
Project: Qpid JMS
Issue Type: Bug
Components: qpid-jms-client
Affects Versions: 0.9.0
Environment: Windows7、jdk,the broker is in linux7.2
Reporter: Steven
The below link address is Qpid latest Client API
Documentation,https://qpid.apache.org/releases/qpid-jms-0.9.0/docs/index.html,According
to its configuration with ssl,My Connection URL is
connectionfactory.qpidConnectionfactory =
amqps://QpidServer:5673?transport.trustStoreLocation=F:/AMQP/QpidSSL/clientts.jks&transport.trustStorePassword=123456,It
reported the following error:
2016-05-25 17:55:30,230 [main ] - ERROR JmsConnectionFactory
- Failed to create JMS Provider instance for: amqps
Caught exception, exiting.
javax.jms.JMSException: Failed to create connection to:
amqps://QpidServer:5673?transport.trustStoreLocation=F%253A%252FAMQP%252FQpidSSL%252Fclientts.jks&transport.trustStorePassword=123456
at
org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:66)
at
org.apache.qpid.jms.JmsConnectionFactory.createConnection(JmsConnectionFactory.java:172)
at
org.apache.qpid.jms.JmsConnectionFactory.createConnection(JmsConnectionFactory.java:161)
at org.apache.qpid.jms.example.HelloWorld.test(HelloWorld.java:92)
at org.apache.qpid.jms.example.HelloWorld.main(HelloWorld.java:73)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Unknown Source)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:927)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:871)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:827)
at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:228)
at
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:141)
at
io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:340)
at
io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:326)
at
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:785)
at
io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:116)
at
io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:494)
at
io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:461)
at
io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:378)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350)
at
io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:101)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker$1.run(Unknown Source)
at sun.security.ssl.Handshaker$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)
at
io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:960)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:891)
... 13 more
Caused by: java.security.cert.CertificateException: No name matching QpidServer
found
at sun.security.util.HostnameChecker.matchDNS(Unknown Source)
at sun.security.util.HostnameChecker.match(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 22 more
If I was using the following connection URL:
connectionfactory.qpidConnectionfactory =
amqps://192.168.82.57:5673?transport.trustStoreLocation=F:/AMQP/QpidSSL/clientts.jks&transport.trustStorePassword=123456
It reported the following error.
2016-05-25 18:32:19,094 [main ] - ERROR JmsConnectionFactory
- Failed to create JMS Provider instance for: amqps
Caught exception, exiting.
javax.jms.JMSException: Failed to create connection to:
amqps://192.168.82.57:5673?transport.trustStoreLocation=F%253A%252FAMQP%252FQpidSSL%252Fclientts.jks&transport.trustStorePassword=123456
at
org.apache.qpid.jms.exceptions.JmsExceptionSupport.create(JmsExceptionSupport.java:66)
at
org.apache.qpid.jms.JmsConnectionFactory.createConnection(JmsConnectionFactory.java:172)
at
org.apache.qpid.jms.JmsConnectionFactory.createConnection(JmsConnectionFactory.java:161)
at org.apache.qpid.jms.example.HelloWorld.test(HelloWorld.java:92)
at org.apache.qpid.jms.example.HelloWorld.main(HelloWorld.java:73)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Unknown Source)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:927)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:871)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:827)
at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:228)
at
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:141)
at
io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:340)
at
io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:326)
at
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:785)
at
io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:116)
at
io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:494)
at
io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:461)
at
io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:378)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350)
at
io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:101)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker$1.run(Unknown Source)
at sun.security.ssl.Handshaker$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)
at
io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:960)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:891)
... 13 more
Caused by: java.security.cert.CertificateException: No subject alternative
names present
at sun.security.util.HostnameChecker.matchIP(Unknown Source)
at sun.security.util.HostnameChecker.match(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 22 more
but,I use the tcp to communicate with server,It can send message
successfully.The connection URL:
connectionfactory.qpidConnectionfactory =
amqp://QpidServer:5672?jms.username=admin&jms.password=admin&transport.connectTimeout=30000
I used the same truststore file and trustStorePassword with
qpid-amqp-1.0-client-0.32,It can connect to broker successfully.By the way,I
notice the connection factory SSL API changed between qpid-amqp-1.0-client-0.32
and qpid-jms-0.9.0 are different,
In qpid-amqp-1.0-client-0.32 client API: It has the setSSL and setSSLContext
method,but qpid-jms-0.9.0 connection factory api
org.apache.qpid.jms.JmsConnectionFactory,It didn't have setSSL and
setSSLContext method.
I had made sure that there is nothing to do with SSL certificate
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
