[jboss-remoting-issues] [JBoss JIRA] Commented: (JBREM-970) Enhance client-side error reporting so a misspelled truststore file name required by SSL can be easily spotted

Ovidiu Feodorov (JIRA) jira-events at lists.jboss.org
Sat May 3 17:54:18 EDT 2008


    [ http://jira.jboss.com/jira/browse/JBREM-970?page=comments#action_12411728 ] 
            
Ovidiu Feodorov commented on JBREM-970:
---------------------------------------

The JBREM-971 patch takes care of this issue, too.

The root server-side exception breaks the SSL handshake, making clear that the problems are caused by SSL layer misconfiguration (the SSL error itself could be a bit clearer, but this is com.sun.net.ssl.internal.ssl, can't patch that...)

Client-side log before the fix:

Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://localhost:5555/]
        [...]
Caused by: java.net.SocketException: Socket Closed
        at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
        at java.net.Socket.setSoTimeout(Socket.java:997)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:2047)
        at org.jboss.remoting.transport.socket.SocketWrapper.setTimeout(SocketWrapper.java:85)
        at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:167)
        at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
        ... 13 more


Client-side log after the fix:

Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://localhost:5555/]
       [...]
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1554)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1537)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1463)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
        at java.io.ObjectOutputStream$BlockDataOutputStream.flush(ObjectOutputStream.java:1784)
        at java.io.ObjectOutputStream.flush(ObjectOutputStream.java:691)
        at org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:90)
        at org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:72)
        at org.jboss.remoting.transport.socket.ClientSocketWrapper.createOutputStream(ClientSocketWrapper.java:199)
        at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:161)
        at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
        ... 13 more

Beyond this, the remoting code could actually check if the client-side truststore file actually exists, but this is a different patch.

> Enhance client-side error reporting so a misspelled truststore file name required by SSL can be easily spotted
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: JBREM-970
>                 URL: http://jira.jboss.com/jira/browse/JBREM-970
>             Project: JBoss Remoting
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>    Affects Versions: 2.4.0.CR2
>            Reporter: Ovidiu Feodorov
>         Assigned To: Ovidiu Feodorov
>            Priority: Minor
>             Fix For: 2.4.0.GA
>
>
> A misspelled client-side truststore file name causes a remoting connection to fail with a misleading error message:
> Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://192.168.67.164:3874/]
>         at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:530)
>         at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
>         [...]
> Caused by: java.net.SocketException: Socket Closed
>         at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
>         at java.net.Socket.setSoTimeout(Socket.java:997)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:2047)
>         [...]
> There's nothing in the stacktrace hinting towards the root cause of the problem, and this could make the debugging quite laborious and time consuming.
> A welcome improvement would be to identify and loudly advertise the root cause of the problem (or at least problems related to the fact that the SSL handshake did not succeed)
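
The truststore existence check mentioned in the comment above could look like the following. This is an added example, not part of the original message and not JBoss Remoting code; the class name `TrustStorePreflight` and the choice to read the standard JSSE `javax.net.ssl.trustStore*` system properties are assumptions. It also counts trusted certificate entries, because a truststore that yields none is what the JDK's PKIX validator reports as "the trustAnchors parameter must be non-empty".

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;

/** Added example: fail fast on a bad client truststore before opening the SSL socket. */
public final class TrustStorePreflight {

    /** Returns the number of trusted certificate entries, or throws naming the exact cause. */
    static int check(String location, char[] password, String type)
            throws IOException, GeneralSecurityException {
        if (location == null || location.isEmpty()) {
            throw new IOException("no truststore configured");
        }
        Path path = Paths.get(location).toAbsolutePath();
        if (!Files.isRegularFile(path) || !Files.isReadable(path)) {
            // The misspelled-file-name case from the issue: name the path that was tried.
            throw new IOException("truststore not found or unreadable: " + path);
        }
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, password); // a wrong password or corrupt file throws IOException here
        }
        int anchors = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) anchors++;
        }
        if (anchors == 0) {
            // An empty anchor set is what later surfaces during the handshake as
            // "the trustAnchors parameter must be non-empty".
            throw new GeneralSecurityException("truststore has no trusted certificates: " + path);
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        // Assumed configuration source: the standard JSSE system properties.
        String location = System.getProperty("javax.net.ssl.trustStore");
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        int n = check(location, pw == null ? null : pw.toCharArray(), type);
        System.out.println("truststore OK, trusted certificates: " + n);
    }
}
```

Run with the same `-Djavax.net.ssl.trustStore=...` arguments as the client; a misspelled path fails immediately with the absolute path that was tried instead of `Socket Closed`.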
