<div dir="ltr">Yeah, I'm pretty sure Undertow's support for SSL is broken!<div><br></div><div>I copied and pasted the example into my project and am getting the same results. I modified it to not do any proxying, but the server isn't responding properly and my anonymous HttpHandler is never invoked:</div><div><br></div><div><a href="https://gist.github.com/darkfrog26/e17c1efb0d5606caeb56e903bff970a7">https://gist.github.com/darkfrog26/e17c1efb0d5606caeb56e903bff970a7</a><br></div><div><br></div><div>This is incredibly frustrating. Stuart, tell me if I shouldn't be using Undertow for SSL support and I'll start migrating to wrap with nginx.</div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Dec 8, 2016 at 8:00 PM Stuart Douglas <<a href="mailto:sdouglas@redhat.com">sdouglas@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Here is an example:<br class="gmail_msg">
<br class="gmail_msg">
<a href="https://github.com/undertow-io/undertow/blob/master/examples/src/main/java/io/undertow/examples/http2/Http2Server.java" rel="noreferrer" class="gmail_msg" target="_blank">https://github.com/undertow-io/undertow/blob/master/examples/src/main/java/io/undertow/examples/http2/Http2Server.java</a><br class="gmail_msg">
<br class="gmail_msg">
Looks like you have run into a bug, with regard to the<br class="gmail_msg">
ClassCastException, you need to use the version that takes an<br class="gmail_msg">
SslContext for now, although this should be fixed later today.<br class="gmail_msg">
<br class="gmail_msg">
Stuart<br class="gmail_msg">
<br class="gmail_msg">
On Fri, Dec 9, 2016 at 12:30 PM, Hicks, Matt <<a href="mailto:matt@matthicks.com" class="gmail_msg" target="_blank">matt@matthicks.com</a>> wrote:<br class="gmail_msg">
> Well, I switched to using the signature that takes the KeyManagers array and<br class="gmail_msg">
> TrustManagers array and now I'm at least getting an error:<br class="gmail_msg">
><br class="gmail_msg">
> java.lang.ClassCastException: org.xnio.ssl.JsseSslStreamConnection cannot be<br class="gmail_msg">
> cast to io.undertow.protocols.ssl.UndertowSslConnection at<br class="gmail_msg">
> io.undertow.protocols.ssl.UndertowXnioSsl.getSslConduit(UndertowXnioSsl.java:141)<br class="gmail_msg">
><br class="gmail_msg">
> This seems like a really flimsy implementation. Am I better off just<br class="gmail_msg">
> wrapping Undertow with Apache or Nginx?<br class="gmail_msg">
><br class="gmail_msg">
> On Thu, Dec 8, 2016 at 7:26 PM Bill O'Neil <<a href="mailto:bill@dartalley.com" class="gmail_msg" target="_blank">bill@dartalley.com</a>> wrote:<br class="gmail_msg">
>><br class="gmail_msg">
>> Hmm I'm not sure. I SSL terminate before I hit undertow.<br class="gmail_msg">
>><br class="gmail_msg">
>> On Thu, Dec 8, 2016 at 8:16 PM, Hicks, Matt <<a href="mailto:matt@matthicks.com" class="gmail_msg" target="_blank">matt@matthicks.com</a>> wrote:<br class="gmail_msg">
>>><br class="gmail_msg">
>>> Also, to clarify, the HttpHandler's handleRequest is never being called.<br class="gmail_msg">
>>><br class="gmail_msg">
>>> On Thu, Dec 8, 2016 at 7:14 PM Hicks, Matt <<a href="mailto:matt@matthicks.com" class="gmail_msg" target="_blank">matt@matthicks.com</a>> wrote:<br class="gmail_msg">
>>>><br class="gmail_msg">
>>>> It was worth a try, but no change. Thanks for the suggestion though.<br class="gmail_msg">
>>>><br class="gmail_msg">
>>>> On Thu, Dec 8, 2016 at 7:12 PM Bill O'Neil <<a href="mailto:bill@dartalley.com" class="gmail_msg" target="_blank">bill@dartalley.com</a>> wrote:<br class="gmail_msg">
>>>>><br class="gmail_msg">
>>>>> Try the constructor with 4 args where you also pass a handler.<br class="gmail_msg">
>>>>><br class="gmail_msg">
>>>>> public Builder addHttpsListener(int port, String host,<br class="gmail_msg">
>>>>> SSLContext sslContext, HttpHandler rootHandler) {<br class="gmail_msg">
>>>>><br class="gmail_msg">
>>>>><br class="gmail_msg">
>>>>><br class="gmail_msg">
>>>>> On Thu, Dec 8, 2016 at 8:06 PM, Hicks, Matt <<a href="mailto:matt@matthicks.com" class="gmail_msg" target="_blank">matt@matthicks.com</a>> wrote:<br class="gmail_msg">
>>>>>><br class="gmail_msg">
>>>>>> I've made some progress. After adding the following to the builder:<br class="gmail_msg">
>>>>>><br class="gmail_msg">
>>>>>> val password = config.https.password.get.toCharArray<br class="gmail_msg">
>>>>>> val keyStore = KeyStore.getInstance("JKS")<br class="gmail_msg">
>>>>>> val keyStoreFile = config.https.keyStoreLocation.get<br class="gmail_msg">
>>>>>> assert(keyStoreFile.exists(), s"No keystore file was found at the location: ${keyStoreFile.getAbsolutePath}")<br class="gmail_msg">
>>>>>> val keyStoreInput = new FileInputStream(keyStoreFile)<br class="gmail_msg">
>>>>>> keyStore.load(keyStoreInput, password)<br class="gmail_msg">
>>>>>> val keyManagerFactory =<br class="gmail_msg">
>>>>>> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)<br class="gmail_msg">
>>>>>> keyManagerFactory.init(keyStore, password)<br class="gmail_msg">
>>>>>> val trustManagerFactory =<br class="gmail_msg">
>>>>>> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)<br class="gmail_msg">
>>>>>> trustManagerFactory.init(keyStore)<br class="gmail_msg">
>>>>>> val sslContext = SSLContext.getInstance("TLS")<br class="gmail_msg">
>>>>>> sslContext.init(keyManagerFactory.getKeyManagers,<br class="gmail_msg">
>>>>>> trustManagerFactory.getTrustManagers, new SecureRandom)<br class="gmail_msg">
>>>>>> builder.addHttpsListener(config.https.port.get, config.https.host.get,<br class="gmail_msg">
>>>>>> sslContext)<br class="gmail_msg">
>>>>>><br class="gmail_msg">
>>>>>> Everything starts as expected, no errors, but when I hit<br class="gmail_msg">
>>>>>> localhost:8443 with the browser it says "localhost didn't send any data".<br class="gmail_msg">
>>>>>><br class="gmail_msg">
>>>>>> Should it use what I've set with "builder.setHandler" for HTTPS as<br class="gmail_msg">
>>>>>> well?<br class="gmail_msg">
>>>>>><br class="gmail_msg">
>>>>>> On Thu, Dec 8, 2016 at 10:53 AM Hicks, Matt <<a href="mailto:matt@matthicks.com" class="gmail_msg" target="_blank">matt@matthicks.com</a>><br class="gmail_msg">
>>>>>> wrote:<br class="gmail_msg">
>>>>>>><br class="gmail_msg">
>>>>>>> Is there any documentation for configuring SSL on my server? I was<br class="gmail_msg">
>>>>>>> looking through the online docs and found nothing (apart from "Assembling a<br class="gmail_msg">
>>>>>>> Server Manually").<br class="gmail_msg">
>>>>>>><br class="gmail_msg">
>>>>>>> Any assistance would be appreciated.<br class="gmail_msg">
>>>>>>><br class="gmail_msg">
>>>>>>> Thanks<br class="gmail_msg">
>>>>>><br class="gmail_msg">
>>>>>><br class="gmail_msg">
>>>>>> _______________________________________________<br class="gmail_msg">
>>>>>> undertow-dev mailing list<br class="gmail_msg">
>>>>>> <a href="mailto:undertow-dev@lists.jboss.org" class="gmail_msg" target="_blank">undertow-dev@lists.jboss.org</a><br class="gmail_msg">
>>>>>> <a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" rel="noreferrer" class="gmail_msg" target="_blank">https://lists.jboss.org/mailman/listinfo/undertow-dev</a><br class="gmail_msg">
>>>>><br class="gmail_msg">
>>>>><br class="gmail_msg">
>><br class="gmail_msg">
><br class="gmail_msg">
</blockquote></div>
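An added example, not code from this thread or from the Undertow project: a Java version of the keystore-to-SSLContext setup quoted above that closes the keystore stream, checks that the keystore really holds a private-key entry before the listener starts, and registers the handler with setHandler. The keystore path, the KEYSTORE_PASSWORD variable name and the key password matching the store password are assumptions.

```java
import io.undertow.Undertow;
import io.undertow.util.Headers;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;

public class HttpsListenerExample {
    // Load a JKS keystore and fail early if it holds no private-key entry:
    // a server with no key to present cannot complete a TLS handshake.
    static KeyStore loadKeyStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) {
            hasKey |= ks.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new IllegalStateException("No private-key entry in " + path);
        }
        return ks;
    }

    static SSLContext serverContext(KeyStore ks, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password); // assumes the key password equals the store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers and SecureRandom select the JDK defaults; a server that
        // does not request client certificates needs no trust store of its own.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] password = System.getenv("KEYSTORE_PASSWORD").toCharArray(); // assumed name, must be set
        KeyStore ks = loadKeyStore("server.jks", password);                // assumed path
        Undertow.builder()
                .addHttpsListener(8443, "localhost", serverContext(ks, password))
                .setHandler(exchange -> {
                    exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain");
                    exchange.getResponseSender().send("Hello over TLS");
                })
                .build().start();
    }
}
```

Running `openssl s_client -connect localhost:8443` against the started listener shows whether the handshake completes and which certificate is served, independently of any browser.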