<div dir="ltr">Hi Michael, thanks for the response. What version of Undertow are you using? Are you overriding the SSL certificate storage or using the example's? Would you mind terribly trying the exact code snippet and see if it works for you? This is very confusing if it's a problem on my end...especially since HTTP works fine.</div><br><div class="gmail_quote"><div dir="ltr">On Fri, Dec 9, 2016 at 11:59 AM Michael Grove <<a href="mailto:mike@stardog.com">mike@stardog.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg"><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg">On Fri, Dec 9, 2016 at 10:24 AM, Hicks, Matt <span dir="ltr" class="gmail_msg"><<a href="mailto:matt@matthicks.com" class="gmail_msg" target="_blank">matt@matthicks.com</a>></span> wrote:<br class="gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr" class="gmail_msg">Yeah, I'm pretty sure Undertow's support for SSL is broken!</div></blockquote><div class="gmail_msg"><br class="gmail_msg"></div></div></div></div><div dir="ltr" class="gmail_msg"><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg"><div class="gmail_msg">It's working fine for me, and I'm using a setup almost exactly like what's shown in the examples.</div></div></div></div><div dir="ltr" class="gmail_msg"><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg"><div class="gmail_msg"><br class="gmail_msg"></div><blockquote class="gmail_quote gmail_msg" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr" class="gmail_msg"><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">I copied and pasted the example into my project and am getting the same results. I modified it to not do any proxying, but the server isn't responding properly and my anonymous HttpHandler is never invoked:</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg"><a href="https://gist.github.com/darkfrog26/e17c1efb0d5606caeb56e903bff970a7" class="gmail_msg" target="_blank">https://gist.github.com/darkfrog26/e17c1efb0d5606caeb56e903bff970a7</a><br class="gmail_msg"></div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">This is incredibly frustrating. Stuart, tell me if I shouldn't be using Undertow for SSL support and I'll start migrating to wrap with nginx.</div></div><div class="m_-1855739538807042216gmail-HOEnZb gmail_msg"><div class="m_-1855739538807042216gmail-h5 gmail_msg"><br class="gmail_msg"><div class="gmail_quote gmail_msg"><div dir="ltr" class="gmail_msg">On Thu, Dec 8, 2016 at 8:00 PM Stuart Douglas <<a href="mailto:sdouglas@redhat.com" class="gmail_msg" target="_blank">sdouglas@redhat.com</a>> wrote:<br class="gmail_msg"></div><blockquote class="gmail_quote gmail_msg" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Here is an example:<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
<a href="https://github.com/undertow-io/undertow/blob/master/examples/src/main/java/io/undertow/examples/http2/Http2Server.java" rel="noreferrer" class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg" target="_blank">https://github.com/undertow-io/undertow/blob/master/examples/src/main/java/io/undertow/examples/http2/Http2Server.java</a><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
Looks like you have run into a bug, with regard to the<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
ClassCastException, you need to use the version that takes an<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
SslContext for now, although this should be fixed later today.<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
Stuart<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
On Fri, Dec 9, 2016 at 12:30 PM, Hicks, Matt <<a href="mailto:matt@matthicks.com" class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg" target="_blank">matt@matthicks.com</a>> wrote:<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
> Well, I switched to using the signature that takes the KeyManagers array and<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
> TrustManagers array and now I'm at least getting an error:<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
> java.lang.ClassCastException: org.xnio.ssl.JsseSslStreamConnection cannot be<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
> cast to io.undertow.protocols.ssl.UndertowSslConnection at<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
> io.undertow.protocols.ssl.UndertowXnioSsl.getSslConduit(UndertowXnioSsl.java:141)<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
> This seems like a really flimsy implementation. Am I better offer just<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
> wrapping Undertow with Apache or Nginx?<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
> On Thu, Dec 8, 2016 at 7:26 PM Bill O'Neil <<a href="mailto:bill@dartalley.com" class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg" target="_blank">bill@dartalley.com</a>> wrote:<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>> Hmm I'm not sure. I SSL terminate before I hit undertow.<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>> On Thu, Dec 8, 2016 at 8:16 PM, Hicks, Matt <<a href="mailto:matt@matthicks.com" class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg" target="_blank">matt@matthicks.com</a>> wrote:<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>> Also, to clarify, the HttpHandler's handleRequest is never being called.<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>> On Thu, Dec 8, 2016 at 7:14 PM Hicks, Matt <<a href="mailto:matt@matthicks.com" class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg" target="_blank">matt@matthicks.com</a>> wrote:<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>> It was worth a try, but no change. Thanks for the suggestion though.<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>> On Thu, Dec 8, 2016 at 7:12 PM Bill O'Neil <<a href="mailto:bill@dartalley.com" class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg" target="_blank">bill@dartalley.com</a>> wrote:<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>> Try the constructor with 4 args where you also pass a handler.<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>> public Builder addHttpsListener(int port, String host,<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>> SSLContext sslContext, HttpHandler rootHandler) {<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>> On Thu, Dec 8, 2016 at 8:06 PM, Hicks, Matt <<a href="mailto:matt@matthicks.com" class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg" target="_blank">matt@matthicks.com</a>> wrote:<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> I've made some progress. After adding the following to the builder:<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> val password = config.https.password.get.toCharArray<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> val keyStore = KeyStore.getInstance("JKS")<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> val keyStoreFile = config.https.keyStoreLocation.get<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> assert(keyStoreFile.exists(), s"No keystore file was found at the<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> location: ${keyStoreFile.getAbsolutePath}")<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> val keyStoreInput = new FileInputStream(keyStoreFile)<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> keyStore.load(keyStoreInput, password)<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> val keyManagerFactory =<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> keyManagerFactory.init(keyStore, password)<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> val trustManagerFactory =<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> trustManagerFactory.init(keyStore)<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> val sslContext = SSLContext.getInstance("TLS")<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> sslContext.init(keyManagerFactory.getKeyManagers,<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> trustManagerFactory.getTrustManagers, new SecureRandom)<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> builder.addHttpsListener(config.https.port.get, config.https.host.get,<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> sslContext)<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> Everything starts as expected, no errors, but when I hit<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> localhost:8443 with the browser it says "localhost didn't send any data".<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> Should it use what I've set with "builder.setHandler" for HTTPS as<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> well?<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> On Thu, Dec 8, 2016 at 10:53 AM Hicks, Matt <<a href="mailto:matt@matthicks.com" class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg" target="_blank">matt@matthicks.com</a>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> wrote:<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>>> Is there any documentation for configuring SSL on my server? I was<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>>> looking through the online docs and found nothing (apart from "Assembling a<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>>> Server Manually").<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>>> Any assistance would be appreciated.<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>>> Thanks<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> _______________________________________________<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> undertow-dev mailing list<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> <a href="mailto:undertow-dev@lists.jboss.org" class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg" target="_blank">undertow-dev@lists.jboss.org</a><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>>> <a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" rel="noreferrer" class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg" target="_blank">https://lists.jboss.org/mailman/listinfo/undertow-dev</a><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>>>>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
>><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
> _______________________________________________<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
> undertow-dev mailing list<br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
> <a href="mailto:undertow-dev@lists.jboss.org" class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg" target="_blank">undertow-dev@lists.jboss.org</a><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
> <a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" rel="noreferrer" class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg" target="_blank">https://lists.jboss.org/mailman/listinfo/undertow-dev</a><br class="m_-1855739538807042216gmail-m_-7365568801681458197gmail_msg gmail_msg">
</blockquote></div>
</div></div><br class="gmail_msg">_______________________________________________<br class="gmail_msg">
undertow-dev mailing list<br class="gmail_msg">
<a href="mailto:undertow-dev@lists.jboss.org" class="gmail_msg" target="_blank">undertow-dev@lists.jboss.org</a><br class="gmail_msg">
<a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" rel="noreferrer" class="gmail_msg" target="_blank">https://lists.jboss.org/mailman/listinfo/undertow-dev</a><br class="gmail_msg"></blockquote></div></div></div></blockquote></div>