[Condor-users] Java SOAP SSL client failed to connect with Condor (v.7.4.4)
- Date: Wed, 4 Apr 2012 14:17:42 -0500
- From: Zhu Wayne <zhuw.chicago@xxxxxxxxx>
- Subject: [Condor-users] Java SOAP SSL client failed to connect with Condor (v.7.4.4)
I would really appreciate it if someone could shed some light on this. I am
really frustrated by this.
I used openssl to generate server and client certificates for SOAP SSL
on Linux. I tested with the openssl s_client utility and was able to
connect.
However, when I tried with an Eclipse web service client using the axis
framework (not axis2), I got a handshake_failure error. I have converted
the openssl-generated cacert and client certificate with private key pem
files to der files and installed them successfully with keytool. However, I
got a handshake_failure error. I turned on debug on the Condor Collector and
only got the following in CollectorLog:
04/04 14:15:09 SOAP SSL connection attempt from <10.27.78.97:2721>
failed: SSL_accept() failed in soap_ssl_accept()
Here is the Java client log in Eclipse:
***
Found trusted certificate:
[
[
Version: V3
Subject: EMAILADDRESS=myemail, CN=wiwebcm301p, OU=OBU, O=mycomp,
ST=mystate, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 139510076572918419788263318355670259356443730654179888141686065871997411532732580004113663431275663079413325529440120552492502013584887485219389654116666043631953306969284467685718220097546307499210448890909851486763681008523238604264436206616195099778591017691033128670788497997391550141730077843512864908923
public exponent: 65537
Validity: [From: Tue Apr 03 14:51:16 CDT 2012,
To: Fri Apr 03 14:51:16 CDT 2015]
Issuer: EMAILADDRESS=myemail, CN=wiwebcm301p, OU=OBU, O=mycomp,
ST=mystate, C=US
SerialNumber: [ 00]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DA 37 3D D7 09 EF 33 16 CA 2D F2 2D 94 87 2D 08 .7=...3..-.-..-.
0010: 4C 25 31 B4 L%1.
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: DA 37 3D D7 09 EF 33 16 CA 2D F2 2D 94 87 2D 08 .7=...3..-.-..-.
0010: 4C 25 31 B4 L%1.
]
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
]
Algorithm: [SHA1withRSA]
]
main, READ: TLSv1 Handshake, length = 134
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<EMAILADDRESS=myemail, CN=wiwebcm301p, OU=OBU, O=mycomp, ST=mystate, C=US>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 141
... no IV used for this cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 81, 57, 203, 179, 218, 222, 16, 146, 194, 118, 172, 104 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException:
Received fatal alert: handshake_failure
Exception in thread "main" AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: Received fatal
alert: handshake_failure
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException:
Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at condor.CondorCollectorStub.getPlatformString(CondorCollectorStub.java:370)
at CondorCollectorSoaptest.main(CondorCollectorSoaptest.java:27)
$ openssl s_client -cert CA/x/client-cert-key.pem -CAfile CA/cacert.pem -connect wiwebcm301p.qa.ch3.s.com:9818
Enter pass phrase for CA/x/client-cert-key.pem:
CONNECTED(00000003)
...
SSL handshake has read 1743 bytes and written 1950 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key:
14F8D282B438120412DAA5F89BB31B20EC8150AD0A5864912E3F128D2E245D0E7C10C7BA97E6ADE661124566CDAF4E39
Key-Arg : None
Krb5 Principal: None
Start Time: 1333566394
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
closed
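
The Java debug log quoted above shows `*** CertificateRequest` followed, after `*** ServerHelloDone`, by a `*** Certificate chain` block with no entries, and then the fatal alert. The following is an added example, not part of the original post: a small checker for `javax.net.debug` client output that reports this pattern. The sample log is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the javax.net.debug output quoted in the post.
SAMPLE_LOG = """\
main, READ: TLSv1 Handshake, length = 134
*** CertificateRequest
Cert Authorities:
<CN=example-ca, O=example>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
"""

ALERT_RE = re.compile(r"RECV \S+ ALERT:\s+(\w+),\s+(\w+)")
CHAIN_ENTRY_RE = re.compile(r"^chain \[\d+\]")

def analyze_client_auth(log_text):
    """Summarise the client-authentication part of a JSSE client debug log."""
    result = {"cert_requested": False, "client_chain_len": None, "alert": None}
    server_done = in_chain = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if in_chain:
            if not line.startswith("***"):
                if CHAIN_ENTRY_RE.match(line):
                    result["client_chain_len"] += 1
                continue
            in_chain = False  # a "***" marker closes the chain block
        if line.startswith("*** CertificateRequest"):
            result["cert_requested"] = True
        elif line.startswith("*** ServerHelloDone"):
            server_done = True
        elif line.startswith("*** Certificate chain") and server_done:
            # The server's own chain is printed before ServerHelloDone; this is the client's.
            result["client_chain_len"] = 0
            in_chain = True
        elif (m := ALERT_RE.search(line)):
            result["alert"] = m.groups()
    return result

def diagnose(result):
    """Turn the summary into a one-line finding."""
    if result["cert_requested"] and result["client_chain_len"] == 0:
        return "server requested a client certificate; client sent an empty chain"
    if result["alert"]:
        return "handshake ended with %s alert: %s" % result["alert"]
    return "no client-auth problem found in this log"
```

An empty chain means JSSE found no key entry (private key plus certificate) in its key store that matches the issuers the server listed; a trusted-certificate entry alone cannot be used for client authentication.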