SSLException in SslHandler; based on SecureChat example

bwagner bwagner at mpowertrading.com
Tue Apr 14 12:35:27 EDT 2009


Thank you very much for getting back to me so quickly.  We’re running 3.1.0 beta in QA right now and after a week I’ll post on the forum if everything went smoothly.  So far so good!  Thank you for an excellent NIO management implementation.

 

Bryan Wagner

 

 

From: Trustin Lee-2 (via Nabble) [mailto:ml-user+63047-577759696 at n2.nabble.com] 
Sent: Monday, April 13, 2009 3:00 PM
To: Bryan Wagner
Subject: Re: SSLException in SslHandler; based on SecureChat example

 

Hi, 

Thanks for the detailed problem report.  Fortunately, I experienced 
the same issue and it was fixed in 3.1.0.ALPHA3 (or 2).  I just forgot 
to log this change to the release note.  You can find it in SslHandler 
changelog though: 

http://fisheye.jboss.org/browse/Netty/trunk/src/main/java/org/jboss/netty/handler/ssl/SslHandler.java

Check the revision # around 496. 

So, I'd suggest you try 3.1.0.BETA1 meanwhile.  Let me know if using 
3.1.0.BETA1 fixes the problem. 

HTH, 

— Trustin Lee, http://gleamynode.net/



On Tue, Apr 14, 2009 at 1:56 AM, bwagner <bwagner at ...> wrote: 


> 
> N.B.  I forgot to mention that the exception is truly non-deterministic in behavior.  It will happen even after other client connections have been established.  Typically, launching the client application again will result in a successful connection.  The client-side handlers are also based on the examples and are highly symmetric with the server code.  I am using SecureKeyStore and SecureTrustManagerFactory from the example without any modifications. 
> 
> Client ChannelPipelineFactory: 
> 
> 
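> import javax.net.ssl.SSLContext; 
> import javax.net.ssl.SSLEngine; 
> 
> import org.jboss.netty.channel.ChannelPipeline; 
> import org.jboss.netty.channel.ChannelPipelineFactory; 
> import org.jboss.netty.channel.Channels; 
> import org.jboss.netty.handler.codec.serialization.ObjectDecoder; 
> import org.jboss.netty.handler.codec.serialization.ObjectEncoder; 
> import org.jboss.netty.handler.ssl.SslHandler; 
> 
> public class ClientNettyPipelineFactory implements ChannelPipelineFactory { 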
> 
>        protected INettySocket nettySocket;  // the reference to the {@link INettySocket} instance 
> 
>        /** 
>         * Creates a new {@link NettyPipelineFactory}. 
>         * @param nettySocket the reference to the {@link INettySocket} instance 
>         */ 
>        public ClientNettyPipelineFactory(INettySocket nettySocket) { 
>                this.nettySocket = nettySocket; 
>        } 
> 
>        public ChannelPipeline getPipeline() throws Exception { 
>                ChannelPipeline channelPipeline = Channels.pipeline(); 
> 
>                // Add SSL handler first to encrypt and decrypt everything.  In this example, we use a bogus certificate in the server side 
>                // and accept any invalid certificates in the client side.  You will need something more complicated to identify both client 
>                // and server in the real world. 
>                SSLContext clientContext = SecureSslContextFactory.getClientContext(); 
>                SSLEngine  sslEngine     = clientContext.createSSLEngine(); 
>                sslEngine.setUseClientMode(true); 
>                channelPipeline.addLast("ssl", new SslHandler(sslEngine)); 
> 
>                // add object decoder/encoder 
>                channelPipeline.addLast("decoder", new ObjectDecoder()); 
>                channelPipeline.addLast("encoder", new ObjectEncoder()); 
> 
>                // create a new {@link ClientNettyHandler} instance for each new channel 
>                NettyHandler nettyHandler = new ClientNettyHandler(this.nettySocket); 
>                channelPipeline.addLast("handler", nettyHandler); 
> 
>                return channelPipeline; 
>        } 
> } 
> 
> 
> 
> Client SslContextFactory: 
> 
> 
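> import java.security.SecureRandom; 
> 
> import javax.net.ssl.KeyManager; 
> import javax.net.ssl.SSLContext; 
> import javax.net.ssl.TrustManager; 
> 
> public class SecureSslContextFactory { 
> 
>        private static final String        PROTOCOL       = "TLS"; 
>        // volatile is required for the double-checked locking in getClientContext() to publish the context safely 
>        private static volatile SSLContext CLIENT_CONTEXT = null; 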
>        private static final Object LOCK           = new Object(); 
> 
>        /** 
>         * Creates the client SSL context. 
>         */ 
>        private static void createClientInstance() { 
>                SSLContext clientContext = null; 
>                try { 
>                        KeyManager[]   keyManagers   = null; 
>                        TrustManager[] trustManagers = SecureTrustManagerFactory.getTrustManagers(); 
>                        SecureRandom   secureRandom  = null; 
>                        clientContext                = SSLContext.getInstance(PROTOCOL); 
>                        clientContext.init(keyManagers, trustManagers, secureRandom); 
>                } 
>                catch (Exception e) { 
>                        throw new Error("Failed to initialize the client-side SSLContext", e); 
>                } 
> 
>                CLIENT_CONTEXT = clientContext; 
>                if (CLIENT_CONTEXT == null) { 
>                        throw new Error("Failed to initialize the client-side SSLContext:  CLIENT_CONTEXT=" + CLIENT_CONTEXT); 
>                } 
>        } 
> 
>        /** 
>         * Returns the singleton client-side SSL context. 
>         * @return the singleton client-side SSL context 
>         */ 
>        public static SSLContext getClientContext() { 
>                if (CLIENT_CONTEXT == null) { 
>                        synchronized (LOCK) { 
>                                if (CLIENT_CONTEXT == null) { 
>                                        createClientInstance(); 
>                                } 
>                        } 
>                } 
>                return CLIENT_CONTEXT; 
>        } 
> } 
> 
> 
> 
> Relevant code from client Netty socket handler: 
> 
> 
> public class ClientNettySocket implements INettySocket { 
> 
> ... 
> 
>        protected ExecutorService        bossExecutor;            // the main executor service for the Netty {@link ChannelFactory} 
>        protected ExecutorService        workerExecutor;          // the auxiliary executor service for the Netty {@link ChannelFactory} 
>        protected ChannelFactory         channelFactory;          // the Netty factory for creating {@link Channel} instances 
>        protected ChannelPipelineFactory channelPipelineFactory;  // the factory used to bootstrap encoders and handlers with each {@link Channel} instance 
>        protected ClientBootstrap        clientBootstrap;         // the Netty factory for bootstrapping {@link Channel} instances with the encoders and handlers of {@link NettyPipelineFactory} 
> 
>        /** 
>         * Creates a new {@link ClientNettySocket}. 
>         * @param sessionSocketListener the reference to the {@link ISessionSocketListener} to send session events to 
>         */ 
>        public ClientNettySocket(ISessionSocketListener sessionSocketListener) { 
> 
>                SecureSslContextFactory.getClientContext();  // make sure the SSL context is cached 
> 
>                this.sessionSocketListener  = sessionSocketListener; 
>                this.sessionChannel         = null; 
> 
>                this.bossExecutor           = Executors.newCachedThreadPool(); 
>                this.workerExecutor         = Executors.newCachedThreadPool(); 
>                this.channelFactory         = new NioClientSocketChannelFactory(bossExecutor, workerExecutor); 
>                this.channelPipelineFactory = new ClientNettyPipelineFactory(this); 
>                this.clientBootstrap        = new ClientBootstrap(channelFactory); 
> 
>                clientBootstrap.setPipelineFactory(channelPipelineFactory); 
>                clientBootstrap.setOption("tcpNoDelay", true); 
>                clientBootstrap.setOption("keepAlive",  true); 
>        } 
> 
> ... 
> 
> } 
> 
> -- 
> View this message in context: http://n2.nabble.com/SSLException-in-SslHandler--based-on-SecureChat-example-tp2628574p2628633.html
> Sent from the Netty User Group mailing list archive at Nabble.com. 
> 
> _______________________________________________ 
> netty-users mailing list 
> netty-users at ... 
> https://lists.jboss.org/mailman/listinfo/netty-users
> 



 


-- 
View this message in context: http://n2.nabble.com/SSLException-in-SslHandler--based-on-SecureChat-example-tp2628574p2634046.html
Sent from the Netty User Group mailing list archive at Nabble.com.




