SSL Config Problem..
mrochon
mattrochon at gmail.com
Fri Jun 11 10:31:20 EDT 2010
Hi, I am following the secure chat example very closely with the exception
that I am trying to use an input stream of a self-signed keystore I have
created.
This is my code for constructing the context:
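[code]
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Load the keystore from the classpath; the second argument to load() is the keystore password.
KeyStore ks = KeyStore.getInstance(config.getKeyStoreType());
ks.load(this.getClass().getResourceAsStream(config.getKeyStoreLocation()),
        config.getKeyPassword().toCharArray());

// The password given to init() is the one used to recover the private key entry.
KeyManagerFactory kmf = KeyManagerFactory.getInstance(config.getKeyStoreAlgorithm());
kmf.init(ks, config.getCertPassword().toCharArray());

// Build the TLS context from the key managers and the example's trust managers.
tlsContext = SSLContext.getInstance(config.getSecurityProtocol());
tlsContext.init(kmf.getKeyManagers(), SecureTrustManagerFactory.getTrustManagers(), null);
[/code]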
with the following properties (pulled from the config object):
security.protocol=TLS
security.keystore.algorithm=SunX509
security.keystore.type=JKS
security.keystore.location=/keystore
security.keystore.cert.password=password
security.keystore.key.password=password
The problem is that when I try to ssh to the server the first connection
just hangs and the handshake never completes. If I close the ssh window, I get
an exception:
java.nio.channels.ClosedChannelException
    at org.jboss.netty.handler.ssl.SslHandler.channelDisconnected(SslHandler.java:396)
On subsequent connections the error happens immediately. Debugging through
the code, the handshake method's ChannelFuture has the exception immediately
after being called (before even registering my event listener).
[code]
log.info("Connected!");
final SslHandler sslHandler = ctx.getPipeline().get(SslHandler.class);
// Get notified when SSL handshake is done.
ChannelFuture handshakeFuture = sslHandler.handshake(e.getChannel());
// handshakeFuture already has the ClosedChannelException as its cause.
handshakeFuture.addListener(this);
[/code]
The file is loaded successfully, so it should not be a problem with
accessibility of resources.
I have never worked with SSL/TLS before so it's entirely possible it is
something I don't correctly understand.
--
View this message in context: http://netty-forums-and-mailing-lists.685743.n2.nabble.com/SSL-Config-Problem-tp5168143p5168143.html
Sent from the Netty User Group mailing list archive at Nabble.com.
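A stand-alone check of the keystore settings shown in the post, added here as an example and not part of the original message or of Netty. It assumes a hypothetical class name `KeystoreCheck` and takes the resource location, keystore type, store password and key password as arguments; it fails loudly when the resource is missing (where `KeyStore.load(null, ...)` would otherwise create an empty keystore without error), when a password is wrong, or when no private-key entry is present.

```java
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical helper (not from the post): validates a classpath keystore before it is used for TLS.
public class KeystoreCheck {
    // Usage (assumed arguments): java KeystoreCheck /keystore JKS <storePassword> <keyPassword>
    public static void main(String[] args) throws Exception {
        String location = args[0], type = args[1];
        char[] storePass = args[2].toCharArray(), keyPass = args[3].toCharArray();

        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = KeystoreCheck.class.getResourceAsStream(location)) {
            // getResourceAsStream returns null for a missing resource, and
            // KeyStore.load(null, ...) then creates an EMPTY keystore without any error.
            if (in == null) throw new IllegalStateException("not on classpath: " + location);
            ks.load(in, storePass); // a wrong store password surfaces as an IOException
        }

        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate-only entry, cannot identify a server");
                continue;
            }
            Key key = ks.getKey(alias, keyPass); // wrong key password -> UnrecoverableKeyException
            Certificate cert = ks.getCertificate(alias);
            if (key instanceof PrivateKey && cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.printf("%s: %s key, subject=%s, expires=%s%n", alias,
                        key.getAlgorithm(), x509.getSubjectX500Principal(), x509.getNotAfter());
                usable++;
            }
        }
        if (usable == 0) {
            throw new IllegalStateException("no private key entry with a certificate in " + location);
        }

        // Same construction as the post, with default trust managers: confirms the context initialises.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        SSLContext.getInstance("TLS").init(kmf.getKeyManagers(), null, null);
        System.out.println("keystore is usable for a server-side TLS context");
    }
}
```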