[undertow-dev] SSL Documentation

Michael Grove mike at stardog.com
Fri Dec 9 13:43:17 EST 2016


On Fri, Dec 9, 2016 at 1:11 PM, Hicks, Matt <matt at matthicks.com> wrote:

> Hi Michael, thanks for the response.  What version of Undertow are you
> using?
>

I'm using 1.3.20, so I'm a bit behind.


> Are you overriding the SSL certificate storage or using the example's?
>

I'm just creating the SSLContext that's passed to the builder via
addHttpsListener directly from the standard JVM properties, e.g.
javax.net.ssl.keyStore


> Would you mind terribly trying the exact code snippet and see if it works
> for you?  This is very confusing if it's a problem on my end...especially
> since HTTP works fine.
>
> On Fri, Dec 9, 2016 at 11:59 AM Michael Grove <mike at stardog.com> wrote:
>
>> On Fri, Dec 9, 2016 at 10:24 AM, Hicks, Matt <matt at matthicks.com> wrote:
>>
>> Yeah, I'm pretty sure Undertow's support for SSL is broken!
>>
>>
>> It's working fine for me, and I'm using a setup almost exactly like
>> what's shown in the examples.
>>
>>
>> I copied and pasted the example into my project and am getting the same
>> results.  I modified it to not do any proxying, but the server isn't
>> responding properly and my anonymous HttpHandler is never invoked:
>>
>> https://gist.github.com/darkfrog26/e17c1efb0d5606caeb56e903bff970a7
>>
>> This is incredibly frustrating.  Stuart, tell me if I shouldn't be using
>> Undertow for SSL support and I'll start migrating to wrap with nginx.
>>
>> On Thu, Dec 8, 2016 at 8:00 PM Stuart Douglas <sdouglas at redhat.com>
>> wrote:
>>
>> Here is an example:
>>
>> https://github.com/undertow-io/undertow/blob/master/examples/src/main/java/io/undertow/examples/http2/Http2Server.java
>>
>> Looks like you have run into a bug, with regard to the
>> ClassCastException, you need to use the version that takes an
>> SslContext for now, although this should be fixed later today.
>>
>> Stuart
>>
>> On Fri, Dec 9, 2016 at 12:30 PM, Hicks, Matt <matt at matthicks.com> wrote:
>> > Well, I switched to using the signature that takes the KeyManagers array and
>> > TrustManagers array and now I'm at least getting an error:
>> >
>> > java.lang.ClassCastException: org.xnio.ssl.JsseSslStreamConnection cannot be
>> > cast to io.undertow.protocols.ssl.UndertowSslConnection at
>> > io.undertow.protocols.ssl.UndertowXnioSsl.getSslConduit(UndertowXnioSsl.java:141)
>> >
>> > This seems like a really flimsy implementation.  Am I better off just
>> > wrapping Undertow with Apache or Nginx?
>> >
>> > On Thu, Dec 8, 2016 at 7:26 PM Bill O'Neil <bill at dartalley.com> wrote:
>> >>
>> >> Hmm I'm not sure. I SSL terminate before I hit undertow.
>> >>
>> >> On Thu, Dec 8, 2016 at 8:16 PM, Hicks, Matt <matt at matthicks.com> wrote:
>> >>>
>> >>> Also, to clarify, the HttpHandler's handleRequest is never being called.
>> >>>
>> >>> On Thu, Dec 8, 2016 at 7:14 PM Hicks, Matt <matt at matthicks.com> wrote:
>> >>>>
>> >>>> It was worth a try, but no change.  Thanks for the suggestion though.
>> >>>>
>> >>>> On Thu, Dec 8, 2016 at 7:12 PM Bill O'Neil <bill at dartalley.com> wrote:
>> >>>>>
>> >>>>> Try the constructor with 4 args where you also pass a handler.
>> >>>>>
>> >>>>>         public Builder addHttpsListener(int port, String host,
>> >>>>> SSLContext sslContext, HttpHandler rootHandler) {
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> On Thu, Dec 8, 2016 at 8:06 PM, Hicks, Matt <matt at matthicks.com> wrote:
>> >>>>>>
>> >>>>>> I've made some progress.  After adding the following to the builder:
>> >>>>>>
>> >>>>>> val password = config.https.password.get.toCharArray
>> >>>>>> val keyStore = KeyStore.getInstance("JKS")
>> >>>>>> val keyStoreFile = config.https.keyStoreLocation.get
>> >>>>>> assert(keyStoreFile.exists(), s"No keystore file was found at the location: ${keyStoreFile.getAbsolutePath}")
>> >>>>>> val keyStoreInput = new FileInputStream(keyStoreFile)
>> >>>>>> keyStore.load(keyStoreInput, password)
>> >>>>>> val keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
>> >>>>>> keyManagerFactory.init(keyStore, password)
>> >>>>>> val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
>> >>>>>> trustManagerFactory.init(keyStore)
>> >>>>>> val sslContext = SSLContext.getInstance("TLS")
>> >>>>>> sslContext.init(keyManagerFactory.getKeyManagers, trustManagerFactory.getTrustManagers, new SecureRandom)
>> >>>>>> builder.addHttpsListener(config.https.port.get, config.https.host.get, sslContext)
>> >>>>>>
>> >>>>>> Everything starts as expected, no errors, but when I hit
>> >>>>>> localhost:8443 with the browser it says "localhost didn't send any data".
>> >>>>>>
>> >>>>>> Should it use what I've set with "builder.setHandler" for HTTPS as
>> >>>>>> well?
>> >>>>>>
>> >>>>>> On Thu, Dec 8, 2016 at 10:53 AM Hicks, Matt <matt at matthicks.com>
>> >>>>>> wrote:
>> >>>>>>>
>> >>>>>>> Is there any documentation for configuring SSL on my server?  I was
>> >>>>>>> looking through the online docs and found nothing (apart from
>> >>>>>>> "Assembling a Server Manually").
>> >>>>>>>
>> >>>>>>> Any assistance would be appreciated.
>> >>>>>>>
>> >>>>>>> Thanks
>> >>>>>>
>> >>>>>>
>> >>>>>> _______________________________________________
>> >>>>>> undertow-dev mailing list
>> >>>>>> undertow-dev at lists.jboss.org
>> >>>>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
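The setup described in the reply above (an SSLContext built from the standard JVM keystore properties and handed to addHttpsListener), written out as an added example; it is not code from the thread or from the Undertow project. The class name, host, port, and the private-key check are assumptions of this example.

```java
import io.undertow.Undertow;
import io.undertow.server.HttpHandler;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;

// Added example: class name, host, port and the key-entry check are assumptions.
public class HttpsListenerExample {
    // Builds a server SSLContext from javax.net.ssl.keyStore and related properties.
    static SSLContext contextFromJvmProperties() throws Exception {
        String path = System.getProperty("javax.net.ssl.keyStore");
        String pass = System.getProperty("javax.net.ssl.keyStorePassword");
        if (path == null || pass == null) {
            throw new IllegalStateException("javax.net.ssl.keyStore and keyStorePassword must be set");
        }
        char[] password = pass.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(
                System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()));
        try (InputStream in = Files.newInputStream(Paths.get(path))) { // stream is closed after load
            keyStore.load(in, password);
        }
        // A keystore holding only trusted certificates loads without error but
        // gives the server nothing to present, so fail here instead of at handshake.
        boolean hasKey = false;
        for (String alias : Collections.list(keyStore.aliases())) {
            hasKey |= keyStore.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new IllegalStateException("no private key entry in " + path);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password); // assumes the key password equals the store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null = default trust managers and SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        HttpHandler hello = exchange -> exchange.getResponseSender().send("hello over TLS");
        Undertow.builder()
                .addHttpsListener(8443, "localhost", contextFromJvmProperties())
                .setHandler(hello) // builder-level handler, used by listeners without their own
                .build().start();
    }
}
```

Run it with `-Djavax.net.ssl.keyStore=... -Djavax.net.ssl.keyStorePassword=...`; `-Djavax.net.debug=ssl:handshake` prints the JSSE handshake trace when a listener accepts the connection but returns no data.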