Re: [Jetty-support] Mutual SSL Support for the Jetty HTTP Client


Jesse McConnell
I'll mention it again since it's been a while, but the SourceForge
lists are from ages past and are not actively used at all.

I am cc'ing this to the users list @ eclipse and codehaus for you though :)

cheers!
jesse

--
jesse mcconnell
[hidden email]



On Tue, Mar 9, 2010 at 09:51, SCHIEFELBEIN, ANDREW (ATTSI)
<[hidden email]> wrote:

> Greetings,
>
> We’re trying to implement mutual SSL support with the Jetty HTTP Client and
> are getting a bit hung up.  When attempting this:
>
>       private static void httpsTest(HttpClient httpClient)
>       {
>             try {
>                   HttpClient httpsClient = new HttpClient();
>                   httpsClient.setConnectorType(HttpClient.CONNECTOR_SELECT_CHANNEL);
>                   httpsClient.setKeyManagerPassword("password");
>                   httpsClient.setKeyStoreLocation("etc/keystore.jks");
>                   httpsClient.setKeyStorePassword("password");
>                   httpsClient.setTrustStoreLocation("etc/keystore.jks");
>                   httpsClient.setTrustStorePassword("password");
>
>                   httpsClient.start();
>
>                   contentExchange = new ContentExchange();
>                   httpsClient.setConnectorType(HttpClient.CONNECTOR_SELECT_CHANNEL);
>                   contentExchange.setMethod("GET");
>                   contentExchange.setURL(httpsURL);
>                   contentExchange.setScheme(HttpSchemes.HTTPS_BUFFER);
>                   httpsClient.send(contentExchange);
>                   contentExchange.waitForDone();
>                   printHTTPResponse(contentExchange, "HTTPS");
>             } catch (Exception e) {
>                   // TODO Auto-generated catch block
>                   e.printStackTrace();
>             }
>       }
>
> We get this:
>
> 2010-03-09 09:34:19.800:WARN::SSL renegotiate denied: java.nio.channels.SocketChannel[connected local=/localhost:1175 remote=host/hostname:443]
> 2010-03-09 09:34:19.800:WARN::EXCEPTION ContentExchange@32794782=GET//hostname:443/MutualSSL#9
> org.eclipse.jetty.io.EofException
>       at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:310)
>       at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203)
>       at org.eclipse.jetty.client.HttpConnection.handle(HttpConnection.java:239)
>       at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:462)
>       at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
>       at java.lang.Thread.run(Unknown Source)
>
> A quick look at the http server logs (when set to debug the ssl traffic)
> reveals:
>
> [Tue Mar 09 09:43:53 2010] [debug] ssl_engine_kernel.c(1907): OpenSSL: Exit: failed in SSLv3 read client certificate A
> [Tue Mar 09 09:43:53 2010] [error] [client 10.160.249.123] Re-negotiation handshake failed: Not accepted by client!?
> [Tue Mar 09 09:43:53 2010] [debug] ssl_engine_io.c(1869): OpenSSL: I/O error, 5 bytes expected to read on BIO#b09b2f0 [mem: b0a29c0]
> [Tue Mar 09 09:43:53 2010] [info] [client 10.160.249.123] (104)Connection reset by peer: SSL input filter read failed.
> [Tue Mar 09 09:43:53 2010] [info] [client 10.160.249.123] (32)Broken pipe: core_output_filter: writing data to the network
>
> Any guidance would be much appreciated.
>
>
>
> Thanks
>
> Andy
>
> _______________________________________________
> Jetty-support mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/jetty-support
>
>
