SSLException in SslHandler; based on SecureChat example
Trustin Lee
tlee at redhat.com
Wed Apr 15 03:56:41 EDT 2009
Hi Bryan,
I wanted to give a lightning-fast response because I thought you
deserve it considering the quality of the bug report. :)
Also, you might want to try the latest nightly build because there was
another bug in SslHandler. For more information, check this out -
https://jira.jboss.org/jira/browse/NETTY-143
HTH,
— Trustin Lee, http://gleamynode.net/
On Wed, Apr 15, 2009 at 1:35 AM, bwagner <bwagner at mpowertrading.com> wrote:
>
> Thank you very much for getting back to me so quickly. We’re running 3.1.0 beta in QA right now and after a week I’ll post on the forum if everything went smoothly. So far so good! Thank you for an excellent NIO management implementation.
>
> Bryan Wagner
>
> From: Trustin Lee-2 (via Nabble) [mailto:ml-user+63047-577759696 at n2.nabble.com]
> Sent: Monday, April 13, 2009 3:00 PM
> To: Bryan Wagner
> Subject: Re: SSLException in SslHandler; based on SecureChat example
>
> Hi,
>
> Thanks for the detailed problem report. Fortunately, I experienced
> the same issue and it was fixed in 3.1.0.ALPHA3 (or 2). I just forgot
> to log this change to the release note. You can find it in SslHandler
> changelog though:
>
> http://fisheye.jboss.org/browse/Netty/trunk/src/main/java/org/jboss/netty/handler/ssl/SslHandler.java
>
> Check the revision # around 496.
>
> So, I'd suggest you try 3.1.0.BETA1 meanwhile. Let me know if using
> 3.1.0.BETA1 fixes the problem.
>
> HTH,
>
> — Trustin Lee, http://gleamynode.net/
>
> On Tue, Apr 14, 2009 at 1:56 AM, bwagner <bwagner at ...> wrote:
>
>> N.B. I forgot to mention that the exception is truly non-deterministic in behavior. It will happen even after other client connections have been established. Typically, launching the client application again will result in a successful connection. The client-side handlers are also based on the examples and are highly symmetric with the server code. I am using SecureKeyStore and SecureTrustManagerFactory from the example without any modifications.
>>
>> Client ChannelPipelineFactory:
>>
>>
>> public class ClientNettyPipelineFactory implements ChannelPipelineFactory {
>>
>>     protected INettySocket nettySocket; // the reference to the {@link INettySocket} instance
>>
>>     /**
>>      * Creates a new {@link NettyPipelineFactory}.
>>      * @param nettySocket the reference to the {@link INettySocket} instance
>>      */
>>     public ClientNettyPipelineFactory(INettySocket nettySocket) {
>>         this.nettySocket = nettySocket;
>>     }
>>
>>     public ChannelPipeline getPipeline() throws Exception {
>>         ChannelPipeline channelPipeline = Channels.pipeline();
>>
>>         // Add SSL handler first to encrypt and decrypt everything. In this example, we use a bogus certificate in the server side
>>         // and accept any invalid certificates in the client side. You will need something more complicated to identify both client
>>         // and server in the real world.
>>         SSLContext clientContext = SecureSslContextFactory.getClientContext();
>>         SSLEngine sslEngine = clientContext.createSSLEngine();
>>         sslEngine.setUseClientMode(true);
>>         channelPipeline.addLast("ssl", new SslHandler(sslEngine));
>>
>>         // add object decoder/encoder
>>         channelPipeline.addLast("decoder", new ObjectDecoder());
>>         channelPipeline.addLast("encoder", new ObjectEncoder());
>>
>>         // create a new {@link ClientNettyHandler} instance for each new channel
>>         NettyHandler nettyHandler = new ClientNettyHandler(this.nettySocket);
>>         channelPipeline.addLast("handler", nettyHandler);
>>
>>         return channelPipeline;
>>     }
>> }
>>
>>
>>
>> Client SslContextFactory:
>>
>>
>> import java.security.SecureRandom;
>> import javax.net.ssl.KeyManager;
>> import javax.net.ssl.SSLContext;
>> import javax.net.ssl.TrustManager;
>>
>> public class SecureSslContextFactory {
>>
>>     private static final String PROTOCOL = "TLS";
>>     // volatile is required for the double-checked locking in getClientContext()
>>     // to be safe under the Java memory model
>>     private static volatile SSLContext CLIENT_CONTEXT = null;
>>     private static final Object LOCK = new Object();
>>
>>     /**
>>      * Creates the client SSL context.
>>      */
>>     private static void createClientInstance() {
>>         SSLContext clientContext = null;
>>         try {
>>             KeyManager[] keyManagers = null;
>>             TrustManager[] trustManagers = SecureTrustManagerFactory.getTrustManagers();
>>             SecureRandom secureRandom = null;
>>             clientContext = SSLContext.getInstance(PROTOCOL);
>>             clientContext.init(keyManagers, trustManagers, secureRandom);
>>         }
>>         catch (Exception e) {
>>             throw new Error("Failed to initialize the client-side SSLContext", e);
>>         }
>>
>>         CLIENT_CONTEXT = clientContext;
>>         if (CLIENT_CONTEXT == null) {
>>             throw new Error("Failed to initialize the client-side SSLContext: CLIENT_CONTEXT=" + CLIENT_CONTEXT);
>>         }
>>     }
>>
>>     /**
>>      * Returns the singleton client-side SSL context.
>>      * @return the singleton client-side SSL context
>>      */
>>     public static SSLContext getClientContext() {
>>         if (CLIENT_CONTEXT == null) {
>>             synchronized (LOCK) {
>>                 if (CLIENT_CONTEXT == null) {
>>                     createClientInstance();
>>                 }
>>             }
>>         }
>>         return CLIENT_CONTEXT;
>>     }
>> }
>>
>>
>>
>> Relevant code from client Netty socket handler:
>>
>>
>> public class ClientNettySocket implements INettySocket {
>>
>>     ...
>>
>>     protected ExecutorService bossExecutor; // the main executor service for the Netty {@link ChannelFactory}
>>     protected ExecutorService workerExecutor; // the auxiliary executor service for the Netty {@link ChannelFactory}
>>     protected ChannelFactory channelFactory; // the Netty factory for creating {@link Channel} instances
>>     protected ChannelPipelineFactory channelPipelineFactory; // the factory used to bootstrap encoders and handlers with each {@link Channel} instance
>>     protected ClientBootstrap clientBootstrap; // the Netty factory for bootstrapping {@link Channel} instances with the encoders and handlers of {@link NettyPipelineFactory}
>>
>>     /**
>>      * Creates a new {@link ClientNettySocket}.
>>      * @param sessionSocketListener the reference to the {@link ISessionSocketListener} to send session events to
>>      */
>>     public ClientNettySocket(ISessionSocketListener sessionSocketListener) {
>>
>>         SecureSslContextFactory.getClientContext(); // make sure the SSL context is cached
>>
>>         this.sessionSocketListener = sessionSocketListener;
>>         this.sessionChannel = null;
>>
>>         this.bossExecutor = Executors.newCachedThreadPool();
>>         this.workerExecutor = Executors.newCachedThreadPool();
>>         this.channelFactory = new NioClientSocketChannelFactory(bossExecutor, workerExecutor);
>>         this.channelPipelineFactory = new ClientNettyPipelineFactory(this);
>>         this.clientBootstrap = new ClientBootstrap(channelFactory);
>>
>>         clientBootstrap.setPipelineFactory(channelPipelineFactory);
>>         clientBootstrap.setOption("tcpNoDelay", true);
>>         clientBootstrap.setOption("keepAlive", true);
>>     }
>>
>>     ...
>>
>> }
>>
>> --
>> View this message in context: http://n2.nabble.com/SSLException-in-SslHandler--based-on-SecureChat-example-tp2628574p2628633.html
>> Sent from the Netty User Group mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> netty-users mailing list
>> netty-users at ... <http://n2.nabble.com/user/SendEmail.jtp?type=node&node=2629360&i=1>
>> https://lists.jboss.org/mailman/listinfo/netty-users
>>
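Added example, not part of the original thread or of the Netty project's code: the comment in the quoted pipeline factory notes that the SecureChat-style client accepts any certificate. The sketch below shows a client-side context that instead validates the server against a trust store and checks the host name. The class name, trust store path and system property name are hypothetical, and `setEndpointIdentificationAlgorithm` assumes Java 7 or later.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

/** Added example: client SSL context that verifies the server certificate. */
public final class VerifyingClientSslContext {

    // Hypothetical location of a PKCS#12 trust store holding the server's CA certificate.
    private static final String TRUST_STORE_PATH = "client-truststore.p12";
    // Hypothetical property name; the password is supplied at launch, not hard-coded.
    private static final String PASSWORD_PROPERTY = "example.trustStorePassword";

    private VerifyingClientSslContext() {}

    // Initialization-on-demand holder: class loading gives lazy, thread-safe,
    // one-time publication, so no lock or volatile field is needed.
    private static final class Holder {
        static final SSLContext CONTEXT = create();
    }

    private static SSLContext create() {
        char[] password = System.getProperty(PASSWORD_PROPERTY, "").toCharArray();
        try (InputStream in = Files.newInputStream(Paths.get(TRUST_STORE_PATH))) {
            KeyStore trustStore = KeyStore.getInstance("PKCS12");
            trustStore.load(in, password);

            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore); // trust only the certificates in this store

            SSLContext context = SSLContext.getInstance("TLS");
            // null key managers: no client certificate; null random: provider default
            context.init(null, tmf.getTrustManagers(), null);
            return context;
        } catch (Exception e) {
            throw new IllegalStateException("Failed to initialize the client-side SSLContext", e);
        }
    }

    /** Creates a client-mode engine bound to the peer so its certificate is matched to the host name. */
    public static SSLEngine newClientEngine(String host, int port) {
        SSLEngine engine = Holder.CONTEXT.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS"); // RFC 2818 host name check
        engine.setSSLParameters(params);
        return engine;
    }
}
```

The returned engine would be passed to `new SslHandler(...)` in place of the engine built in the quoted `getPipeline()`.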