Hi Michael, thanks for the response. What version of Undertow are you
using? Are you overriding the SSL certificate storage or using the
example's? Would you mind terribly trying the exact code snippet and seeing
if it works for you? This is very confusing if it's a problem on my
end... especially since HTTP works fine.

On Fri, Dec 9, 2016 at 11:59 AM Michael Grove <mike(a)stardog.com> wrote:

On Fri, Dec 9, 2016 at 10:24 AM, Hicks, Matt <matt(a)matthicks.com> wrote:

Yeah, I'm pretty sure Undertow's support for SSL is broken!

It's working fine for me, and I'm using a setup almost exactly like what's
shown in the examples.

I copied and pasted the example into my project and am getting the same
results. I modified it to not do any proxying, but the server isn't
responding properly and my anonymous HttpHandler is never invoked:
https://gist.github.com/darkfrog26/e17c1efb0d5606caeb56e903bff970a7

This is incredibly frustrating. Stuart, tell me if I shouldn't be using
Undertow for SSL support and I'll start migrating to wrap with nginx.

On Thu, Dec 8, 2016 at 8:00 PM Stuart Douglas <sdouglas(a)redhat.com> wrote:

Here is an example:
https://github.com/undertow-io/undertow/blob/master/examples/src/main/jav...

Looks like you have run into a bug, with regard to the
ClassCastException, you need to use the version that takes an
SslContext for now, although this should be fixed later today.

Stuart

On Fri, Dec 9, 2016 at 12:30 PM, Hicks, Matt <matt(a)matthicks.com> wrote:
> Well, I switched to using the signature that takes the KeyManagers array and
> TrustManagers array and now I'm at least getting an error:
>
> java.lang.ClassCastException: org.xnio.ssl.JsseSslStreamConnection cannot be
> cast to io.undertow.protocols.ssl.UndertowSslConnection at
> io.undertow.protocols.ssl.UndertowXnioSsl.getSslConduit(UndertowXnioSsl.java:141)
>
> This seems like a really flimsy implementation. Am I better off just
> wrapping Undertow with Apache or Nginx?
>
> On Thu, Dec 8, 2016 at 7:26 PM Bill O'Neil <bill(a)dartalley.com> wrote:
>>
>> Hmm I'm not sure. I SSL terminate before I hit undertow.
>>
>> On Thu, Dec 8, 2016 at 8:16 PM, Hicks, Matt <matt(a)matthicks.com> wrote:
>>>
>>> Also, to clarify, the HttpHandler's handleRequest is never being called.
>>>
>>> On Thu, Dec 8, 2016 at 7:14 PM Hicks, Matt <matt(a)matthicks.com> wrote:
>>>>
>>>> It was worth a try, but no change. Thanks for the suggestion though.
>>>>
>>>> On Thu, Dec 8, 2016 at 7:12 PM Bill O'Neil <bill(a)dartalley.com> wrote:
>>>>>
>>>>> Try the constructor with 4 args where you also pass a handler.
>>>>>
>>>>> public Builder addHttpsListener(int port, String host,
>>>>> SSLContext sslContext, HttpHandler rootHandler) {
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Dec 8, 2016 at 8:06 PM, Hicks, Matt <matt(a)matthicks.com> wrote:
>>>>>>
>>>>>> I've made some progress. After adding the following to the builder:
>>>>>>
>>>>>> val password = config.https.password.get.toCharArray
>>>>>> val keyStore = KeyStore.getInstance("JKS")
>>>>>> val keyStoreFile = config.https.keyStoreLocation.get
>>>>>> assert(keyStoreFile.exists(), s"No keystore file was found at the location: ${keyStoreFile.getAbsolutePath}")
>>>>>> val keyStoreInput = new FileInputStream(keyStoreFile)
>>>>>> keyStore.load(keyStoreInput, password)
>>>>>> val keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
>>>>>> keyManagerFactory.init(keyStore, password)
>>>>>> val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
>>>>>> trustManagerFactory.init(keyStore)
>>>>>> val sslContext = SSLContext.getInstance("TLS")
>>>>>> sslContext.init(keyManagerFactory.getKeyManagers, trustManagerFactory.getTrustManagers, new SecureRandom)
>>>>>> builder.addHttpsListener(config.https.port.get, config.https.host.get, sslContext)
>>>>>>
>>>>>> Everything starts as expected, no errors, but when I hit
>>>>>> localhost:8443 with the browser it says "localhost didn't send any
>>>>>> data".
>>>>>>
>>>>>> Should it use what I've set with "builder.setHandler" for HTTPS as
>>>>>> well?
>>>>>>
>>>>>> On Thu, Dec 8, 2016 at 10:53 AM Hicks, Matt <matt(a)matthicks.com>
>>>>>> wrote:
>>>>>>>
>>>>>>> Is there any documentation for configuring SSL on my server? I was
>>>>>>> looking through the online docs and found nothing (apart from
>>>>>>> "Assembling a Server Manually").
>>>>>>>
>>>>>>> Any assistance would be appreciated.
>>>>>>>
>>>>>>> Thanks
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> undertow-dev mailing list
>>>>>> undertow-dev(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>>>
>>>>>
>>
>
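
Added example, not part of the thread and not Undertow's own code: one way to rule out the keystore and the SSLContext when an HTTPS listener starts cleanly but the browser receives no data. It builds the context the same way as the snippet quoted above and runs a loopback handshake with plain JSSE, without Undertow. The class name `SslContextCheck` is hypothetical, the keystore path and password are passed as arguments, and the key password is assumed to equal the store password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.*;

// Added diagnostic (not from the thread): exercises the keystore and SSLContext
// with plain JSSE, so a failure here points at the keystore, not at Undertow.
public class SslContextCheck {
    // Assumes a JKS file whose key password equals the store password, as in the thread.
    static SSLContext load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { // stream is closed after loading
            ks.load(in, password);
        }
        // A keystore holding only trusted certificates loads without error,
        // but a server cannot present a certificate without a private-key entry.
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) hasKey |= ks.isKeyEntry(alias);
        if (!hasKey) throw new IllegalStateException("no private-key entry in " + path);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // null = default SecureRandom
        return ctx;
    }

    // Loopback handshake: both ends use the same context, so the client trusts
    // the server certificate because it comes from the same keystore.
    static String handshake(SSLContext ctx) throws Exception {
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            Thread acceptor = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    s.startHandshake();
                } catch (Exception e) { /* the client side reports the failure */ }
            });
            acceptor.start();
            try (SSLSocket client = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", server.getLocalPort())) {
                client.startHandshake();
                return client.getSession().getProtocol() + " " + client.getSession().getCipherSuite();
            } finally { acceptor.join(); }
        }
    }

    public static void main(String[] args) throws Exception { // args: <keystore path> <password>
        System.out.println("handshake ok: " + handshake(load(args[0], args[1].toCharArray())));
    }
}
```

If this prints a protocol and cipher suite, the keystore and context can complete a TLS handshake, and the remaining suspects are the listener and handler wiring.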