[jboss-remoting-issues] [JBoss JIRA] Commented: (JBREM-970) Enhance client-side error reporting so a misspelled truststore file name required by SSL can be easily spotted
Ovidiu Feodorov (JIRA)
jira-events at lists.jboss.org
Sat May 3 17:54:18 EDT 2008
[ http://jira.jboss.com/jira/browse/JBREM-970?page=comments#action_12411728 ]
Ovidiu Feodorov commented on JBREM-970:
---------------------------------------
The JBREM-971 patch takes care of this issue, too.
The root server-side exception breaks the SSL handshake, making clear that the problems are caused by SSL layer misconfiguration (the SSL error itself could be a bit clearer, but this is com.sun.net.ssl.internal.ssl, can't patch that...)
Client-side log before the fix:
Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://localhost:5555/]
[...]
Caused by: java.net.SocketException: Socket Closed
at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
at java.net.Socket.setSoTimeout(Socket.java:997)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:2047)
at org.jboss.remoting.transport.socket.SocketWrapper.setTimeout(SocketWrapper.java:85)
at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:167)
at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
... 13 more
Client-side log after the fix:
Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://localhost:5555/]
[...]
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1554)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1537)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1463)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.ObjectOutputStream$BlockDataOutputStream.flush(ObjectOutputStream.java:1784)
at java.io.ObjectOutputStream.flush(ObjectOutputStream.java:691)
at org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:90)
at org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:72)
at org.jboss.remoting.transport.socket.ClientSocketWrapper.createOutputStream(ClientSocketWrapper.java:199)
at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:161)
at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
... 13 more
Beyond this, the remoting code could actually check if the client-side truststore file actually exist, but this is a different patch.
> Enhance client-side error reporting so a misspelled truststore file name required by SSL can be easily spotted
> --------------------------------------------------------------------------------------------------------------
>
> Key: JBREM-970
> URL: http://jira.jboss.com/jira/browse/JBREM-970
> Project: JBoss Remoting
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Affects Versions: 2.4.0.CR2
> Reporter: Ovidiu Feodorov
> Assigned To: Ovidiu Feodorov
> Priority: Minor
> Fix For: 2.4.0.GA
>
>
> A misspelled client-side truststore file name causes a remoting connection to fail with a misleading error message:
> Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://192.168.67.164:3874/]
> at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:530)
> at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
> [...]
> Caused by: java.net.SocketException: Socket Closed
> at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
> at java.net.Socket.setSoTimeout(Socket.java:997)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:2047)
> [...]
> There's nothing in the stacktrace hinting towards the root cause of the problem, and this could make the debugging quite laborious and time consuming.
> A welcome improvement would be to identify and loudly advertise the root cause of the problem (or at least problems related to the fact that the SSL handshake did not succeed)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-remoting-issues
mailing list