[teiid-issues] [JBoss JIRA] (TEIID-4079) SSL - anonymouse mode - connection fails

Juraj Duráni (JIRA) issues at jboss.org
Wed Mar 16 03:58:00 EDT 2016 

    [ https://issues.jboss.org/browse/TEIID-4079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13177512#comment-13177512 ] 

Juraj Duráni commented on TEIID-4079:
-------------------------------------

One more. If server's certificate is untrusted (server cannot find trusted certificate in certificate chain of its certificate) connection fails too.
Attachment - Server's keystore - keystore_server_untrusted.jks
Server's truststore - truststore.jks

> SSL - anonymouse mode - connection fails
> ----------------------------------------
>
>                 Key: TEIID-4079
>                 URL: https://issues.jboss.org/browse/TEIID-4079
>             Project: Teiid
>          Issue Type: Bug
>    Affects Versions: 8.12.5
>            Reporter: Juraj Duráni
>            Assignee: Steven Hawkins
>         Attachments: keystore_server_expired.jks
>
>
> If ssl-authentication-mode is set to anonymouse no certificates should be required. But if configuration of Teiid contains keystore-name which points to keystore with expired certificate, attempt to connect to Teiid fails.
> *Exception:*
> {code:plain}
> org.teiid.jdbc.TeiidSQLException: TEIID20020 Error establishing socket to host and port: localhost:31000. Reason: java.security.cert.CertificateExpiredException: NotAfter: Fri Feb 26 11:07:46 CET 2016
> 	at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135)
> 	at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71)
> 	at org.teiid.jdbc.SocketProfile.connect(SocketProfile.java:66)
> 	at org.teiid.jdbc.TeiidDriver.connect(TeiidDriver.java:107)
> 	at oeg.jboss.qe.ssl.SimpleSslTest.test(SimpleSslTest.java:160)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:483)
> 	at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:80)
> 	at org.testng.internal.Invoker.invokeMethod(Invoker.java:714)
> 	at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:901)
> 	at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1231)
> 	at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:127)
> 	at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:111)
> 	at org.testng.TestRunner.privateRun(TestRunner.java:767)
> 	at org.testng.TestRunner.run(TestRunner.java:617)
> 	at org.testng.SuiteRunner.runTest(SuiteRunner.java:334)
> 	at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:329)
> 	at org.testng.SuiteRunner.privateRun(SuiteRunner.java:291)
> 	at org.testng.SuiteRunner.run(SuiteRunner.java:240)
> 	at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
> 	at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
> 	at org.testng.TestNG.runSuitesSequentially(TestNG.java:1198)
> 	at org.testng.TestNG.runSuitesLocally(TestNG.java:1123)
> 	at org.testng.TestNG.run(TestNG.java:1031)
> 	at org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:70)
> 	at org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:108)
> 	at org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:111)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:483)
> 	at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:164)
> 	at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:110)
> 	at org.apache.maven.surefire.booter.SurefireStarter.invokeProvider(SurefireStarter.java:172)
> 	at org.apache.maven.surefire.booter.SurefireStarter.runSuitesInProcessWhenForked(SurefireStarter.java:104)
> 	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:70)
> Caused by: org.teiid.net.socket.SingleInstanceCommunicationException: TEIID20020 Error establishing socket to host and port: localhost:31000. Reason: java.security.cert.CertificateExpiredException: NotAfter: Fri Feb 26 11:07:46 CET 2016
> 	at org.teiid.net.socket.SocketServerConnection.selectServerInstance(SocketServerConnection.java:161)
> 	at org.teiid.net.socket.SocketServerConnection.<init>(SocketServerConnection.java:95)
> 	at org.teiid.net.socket.SocketServerConnectionFactory.getConnection(SocketServerConnectionFactory.java:316)
> 	at org.teiid.jdbc.SocketProfile.connect(SocketProfile.java:64)
> 	... 35 more
> Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Fri Feb 26 11:07:46 CET 2016
> 	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> 	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)
> 	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
> 	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
> 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1369)
> 	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156)
> 	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
> 	at sun.security.ssl.Handshaker.process_record(Handshaker.java:860)
> 	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
> 	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
> 	at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:909)
> 	at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
> 	at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
> 	at java.io.BufferedInputStream.read(BufferedInputStream.java:265)
> 	at java.io.DataInputStream.readInt(DataInputStream.java:387)
> 	at org.teiid.netty.handler.codec.serialization.ObjectDecoderInputStream.readObjectOverride(ObjectDecoderInputStream.java:97)
> 	at java.io.ObjectInputStream.readObject(ObjectInputStream.java:365)
> 	at org.teiid.net.socket.OioOjbectChannelFactory$OioObjectChannel.read(OioOjbectChannelFactory.java:117)
> 	at org.teiid.net.socket.SocketServerInstanceImpl.doHandshake(SocketServerInstanceImpl.java:128)
> 	at org.teiid.net.socket.SocketServerInstanceImpl.connect(SocketServerInstanceImpl.java:96)
> 	at org.teiid.net.socket.SocketServerConnectionFactory.getServerInstance(SocketServerConnectionFactory.java:277)
> 	at org.teiid.net.socket.SocketServerConnection.connect(SocketServerConnection.java:239)
> 	at org.teiid.net.socket.SocketServerConnection.selectServerInstance(SocketServerConnection.java:125)
> 	... 38 more
> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Feb 26 11:07:46 CET 2016
> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
> 	at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:188)
> 	at sun.security.validator.Validator.validate(Validator.java:260)
> 	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
> 	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
> 	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
> 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351)
> 	... 56 more
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the teiid-issues mailing list