dev@glassfish.java.net

GFv3 b41 and Grizzly 1.9.10 and ssl implementations

From: Henry Story <Henry.Story_at_Sun.COM>
Date: Thu, 26 Mar 2009 21:41:03 +0100

Hi,

        To try out the fix of bug https://grizzly.dev.java.net/issues/show_bug.cgi?id=486

I tried building GFv3 b41 from source with Grizzly 1.9.10. After a lot
of simplifying I decided to try without a war, just to see what would
happen if I tried to GET https://localhost:8181/index.html
in the browser.

So with this

$ bin/asadmin list-system-properties
com.sun.grizzly.ssl.auth=need

Grizzly does not ask for any certificate from the client. Yet I guess
it should. (unless it is asking the client for certificates with
signed by specific CAs?)

If I try the sslImplementation (which I know is picked up because if I
put the wrong class name it throws an error)

$ bin/asadmin list-system-properties
org.jsslutils.extra.grizzly.clientauth=want
com.sun.grizzly.ssl.auth=need
org.jsslutils.extra.grizzly.acceptAnyCert=true
com
.sun
.grizzly
.ssl
.sslImplementation=org.jsslutils.extra.grizzly.JSSLutilsImplementation

Then after starting GF

$ grep -i jss domains/domain1/logs/server.log
[#|2009-03-26T20:49:00.721+0100|FINE|glassfish|
org.jsslutils.extra.grizzly|
_ThreadID=18;_ThreadName=Thread-1;ClassName=null;MethodName=null;|
org.jsslutils.extra.grizzly.JSSLutilsImplementation instantiated.|#]
[#|2009-03-26T20:49:01.321+0100|FINE|glassfish|
org.jsslutils.extra.grizzly|
_ThreadID=21;_ThreadName=Thread-1;ClassName=null;MethodName=null;|
org.jsslutils.extra.grizzly.JSSLutilsImplementation instantiated.|#]
[#|2009-03-26T20:49:01.334+0100|FINE|glassfish|
org.jsslutils.extra.grizzly|
_ThreadID=22;_ThreadName=Thread-1;ClassName=null;MethodName=null;|
org.jsslutils.extra.grizzly.JSSLutilsImplementation instantiated.|#]

But again I don't get asked for a client certificate, and more to the
point none of the org.jsslutils.extra.grizzly.JSSLutilsImplementation
methods get called (they are all commented carefully).

Is the expected behavior that a certificate should be requested in
those cases when requesting

        https://localhost:8181/index.html

I am trying to find out how to test that the fix is working.

Also, do you have any tips on how to Bruno's ssl implementation on a
grizzly by itself?

Henry

Blog: http://blogs.sun.com/bblfish
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.