[JBoss JIRA] Created: (JBREM-970) Enhance client-side error reporting so a misspelled truststore file name required by SSL can be easily spotted
11:49 p.m.
Enhance client-side error reporting so a misspelled truststore file name required by SSL
can be easily spotted
--------------------------------------------------------------------------------------------------------------
Key: JBREM-970
URL: http://jira.jboss.com/jira/browse/JBREM-970
Project: JBoss Remoting
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Affects Versions: 2.2.2.SP7
Reporter: Ovidiu Feodorov
Assigned To: Ovidiu Feodorov
Priority: Minor
A misspelled client-side truststore file name causes a remoting connection to fail with a
misleading error message:
Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not
get connection to server. Problem establishing socket connection for InvokerLocator
[sslsocket://192.168.67.164:3874/]
at
org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:530)
at
org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
[...]
Caused by: java.net.SocketException: Socket Closed
at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
at java.net.Socket.setSoTimeout(Socket.java:997)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:2047)
[...]
There's nothing in the stacktrace hinting towards the root cause of the problem, and
this could make the debugging quite laborious and time consuming.
A welcome improvement would be to identify and loudly advertise the root cause of the
problem (or at least problems related to the fact that the SSL handshake did not succeed)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
7:17 a.m.
New subject: [JBoss JIRA] Updated: (JBREM-970) Enhance client-side error reporting so a misspelled truststore file name required by SSL can be easily spotted
[ http://jira.jboss.com/jira/browse/JBREM-970?page=all ]
Ron Sigal updated JBREM-970:
----------------------------
Fix Version/s: 2.4.0.GA
Affects Version/s: 2.4.0.CR2
(was: 2.2.2.SP7)
Enhance client-side error reporting so a misspelled truststore file
name required by SSL can be easily spotted
--------------------------------------------------------------------------------------------------------------
Key: JBREM-970
URL: http://jira.jboss.com/jira/browse/JBREM-970
Project: JBoss Remoting
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Affects Versions: 2.4.0.CR2
Reporter: Ovidiu Feodorov
Assigned To: Ovidiu Feodorov
Priority: Minor
Fix For: 2.4.0.GA
A misspelled client-side truststore file name causes a remoting connection to fail with a
misleading error message:
Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not
get connection to server. Problem establishing socket connection for InvokerLocator
[sslsocket://192.168.67.164:3874/]
at
org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:530)
at
org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
[...]
Caused by: java.net.SocketException: Socket Closed
at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
at java.net.Socket.setSoTimeout(Socket.java:997)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:2047)
[...]
There's nothing in the stacktrace hinting towards the root cause of the problem, and
this could make the debugging quite laborious and time consuming.
A welcome improvement would be to identify and loudly advertise the root cause of the
problem (or at least problems related to the fact that the SSL handshake did not succeed)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:41 p.m.
New subject: [JBoss JIRA] Updated: (JBREM-970) Enhance client-side error reporting so a misspelled truststore file name required by SSL can be easily spotted
[ http://jira.jboss.com/jira/browse/JBREM-970?page=all ]
Ovidiu Feodorov updated JBREM-970:
----------------------------------
Attachment: JBREM-970.patch
Enhance client-side error reporting so a misspelled truststore file
name required by SSL can be easily spotted
--------------------------------------------------------------------------------------------------------------
Key: JBREM-970
URL: http://jira.jboss.com/jira/browse/JBREM-970
Project: JBoss Remoting
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Affects Versions: 2.4.0.CR2
Reporter: Ovidiu Feodorov
Assigned To: Ovidiu Feodorov
Priority: Minor
Fix For: 2.4.0.GA
Attachments: JBREM-970.patch
A misspelled client-side truststore file name causes a remoting connection to fail with a
misleading error message:
Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not
get connection to server. Problem establishing socket connection for InvokerLocator
[sslsocket://192.168.67.164:3874/]
at
org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:530)
at
org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
[...]
Caused by: java.net.SocketException: Socket Closed
at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
at java.net.Socket.setSoTimeout(Socket.java:997)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:2047)
[...]
There's nothing in the stacktrace hinting towards the root cause of the problem, and
this could make the debugging quite laborious and time consuming.
A welcome improvement would be to identify and loudly advertise the root cause of the
problem (or at least problems related to the fact that the SSL handshake did not succeed)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:45 p.m.
New subject: [JBoss JIRA] Updated: (JBREM-970) Enhance client-side error reporting so a misspelled truststore file name required by SSL can be easily spotted
[ http://jira.jboss.com/jira/browse/JBREM-970?page=all ]
Ovidiu Feodorov updated JBREM-970:
----------------------------------
Attachment: (was: JBREM-970.patch)
Enhance client-side error reporting so a misspelled truststore file
name required by SSL can be easily spotted
--------------------------------------------------------------------------------------------------------------
Key: JBREM-970
URL: http://jira.jboss.com/jira/browse/JBREM-970
Project: JBoss Remoting
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Affects Versions: 2.4.0.CR2
Reporter: Ovidiu Feodorov
Assigned To: Ovidiu Feodorov
Priority: Minor
Fix For: 2.4.0.GA
A misspelled client-side truststore file name causes a remoting connection to fail with a
misleading error message:
Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not
get connection to server. Problem establishing socket connection for InvokerLocator
[sslsocket://192.168.67.164:3874/]
at
org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:530)
at
org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
[...]
Caused by: java.net.SocketException: Socket Closed
at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
at java.net.Socket.setSoTimeout(Socket.java:997)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:2047)
[...]
There's nothing in the stacktrace hinting towards the root cause of the problem, and
this could make the debugging quite laborious and time consuming.
A welcome improvement would be to identify and loudly advertise the root cause of the
problem (or at least problems related to the fact that the SSL handshake did not succeed)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:54 p.m.
New subject: [JBoss JIRA] Resolved: (JBREM-970) Enhance client-side error reporting so a misspelled truststore file name required by SSL can be easily spotted
[ http://jira.jboss.com/jira/browse/JBREM-970?page=all ]
Ovidiu Feodorov resolved JBREM-970.
-----------------------------------
Resolution: Partially Completed
Needs validation.
Enhance client-side error reporting so a misspelled truststore file
name required by SSL can be easily spotted
--------------------------------------------------------------------------------------------------------------
Key: JBREM-970
URL: http://jira.jboss.com/jira/browse/JBREM-970
Project: JBoss Remoting
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Affects Versions: 2.4.0.CR2
Reporter: Ovidiu Feodorov
Assigned To: Ovidiu Feodorov
Priority: Minor
Fix For: 2.4.0.GA
A misspelled client-side truststore file name causes a remoting connection to fail with a
misleading error message:
Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not
get connection to server. Problem establishing socket connection for InvokerLocator
[sslsocket://192.168.67.164:3874/]
at
org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:530)
at
org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
[...]
Caused by: java.net.SocketException: Socket Closed
at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
at java.net.Socket.setSoTimeout(Socket.java:997)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:2047)
[...]
There's nothing in the stacktrace hinting towards the root cause of the problem, and
this could make the debugging quite laborious and time consuming.
A welcome improvement would be to identify and loudly advertise the root cause of the
problem (or at least problems related to the fact that the SSL handshake did not succeed)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:54 p.m.
New subject: [JBoss JIRA] Commented: (JBREM-970) Enhance client-side error reporting so a misspelled truststore file name required by SSL can be easily spotted
[ http://jira.jboss.com/jira/browse/JBREM-970?page=comments#action_12411728 ]
Ovidiu Feodorov commented on JBREM-970:
---------------------------------------
The JBREM-971 patch takes care of this issue, too.
The root server-side exception breaks the SSL handshake, making clear that the problems
are caused by SSL layer misconfiguration (the SSL error itself could be a bit clearer, but
this is com.sun.net.ssl.internal.ssl, can't patch that...)
Client-side log before the fix:
Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not
get connection to server. Problem establishing socket connection for InvokerLocator
[sslsocket://localhost:5555/]
[...]
Caused by: java.net.SocketException: Socket Closed
at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
at java.net.Socket.setSoTimeout(Socket.java:997)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:2047)
at
org.jboss.remoting.transport.socket.SocketWrapper.setTimeout(SocketWrapper.java:85)
at
org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:167)
at
org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
... 13 more
Client-side log after the fix:
Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not
get connection to server. Problem establishing socket connection for InvokerLocator
[sslsocket://localhost:5555/]
[...]
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be
non-empty
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1554)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1537)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1463)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at
java.io.ObjectOutputStream$BlockDataOutputStream.flush(ObjectOutputStream.java:1784)
at java.io.ObjectOutputStream.flush(ObjectOutputStream.java:691)
at
org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:90)
at
org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:72)
at
org.jboss.remoting.transport.socket.ClientSocketWrapper.createOutputStream(ClientSocketWrapper.java:199)
at
org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:161)
at
org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
... 13 more
Beyond this, the remoting code could actually check if the client-side truststore file
actually exist, but this is a different patch.
Enhance client-side error reporting so a misspelled truststore file
name required by SSL can be easily spotted
--------------------------------------------------------------------------------------------------------------
Key: JBREM-970
URL: http://jira.jboss.com/jira/browse/JBREM-970
Project: JBoss Remoting
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Affects Versions: 2.4.0.CR2
Reporter: Ovidiu Feodorov
Assigned To: Ovidiu Feodorov
Priority: Minor
Fix For: 2.4.0.GA
A misspelled client-side truststore file name causes a remoting connection to fail with a
misleading error message:
Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not
get connection to server. Problem establishing socket connection for InvokerLocator
[sslsocket://192.168.67.164:3874/]
at
org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:530)
at
org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
[...]
Caused by: java.net.SocketException: Socket Closed
at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
at java.net.Socket.setSoTimeout(Socket.java:997)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:2047)
[...]
There's nothing in the stacktrace hinting towards the root cause of the problem, and
this could make the debugging quite laborious and time consuming.
A welcome improvement would be to identify and loudly advertise the root cause of the
problem (or at least problems related to the fact that the SSL handshake did not succeed)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6089
days inactive
6091
days old
jboss-remoting-issues@lists.jboss.org
5 comments
2 participants
participants (2)
-
Ovidiu Feodorov (JIRA) -
Ron Sigal (JIRA)