dev@grizzly.java.net

Fwd: New SSL problem with secure admin, only with Java SE 1.6.0_23

From: Tim Quinn <tim.quinn_at_oracle.com>
Date: Wed, 12 Jan 2011 12:58:35 -0600

This problem turned out to be pilot error.

Using 1.6.0_22 or later still works fine.

Whew!

- Tim

Begin forwarded message:

> From: Oleksiy Stashok <Oleksiy.Stashok_at_oracle.com>
> Date: January 12, 2011 12:49:03 PM CST
> To: Tim Quinn <tim.quinn_at_oracle.com>
> Cc: Justin Lee <justin.d.lee_at_oracle.com>, Ryan Lubke <ryan.lubke_at_oracle.com
> >
> Subject: Re: New SSL problem with secure admin, only with Java SE
> 1.6.0_23
>
> Hi Tim,
>
> that's good news :)
>
> Can I also ask you to send this to mailing list for consistency?
>
> Thank you.
>
> WBR,
> Alexey.
>
> On Jan 12, 2011, at 19:43 , Tim Quinn wrote:
>
>> Never mind, guys.
>>
>> False alarm. I was setting a JAVA_HOME env var incorrectly so that
>> my test system used the java on the path - which was quite old.
>>
>> When I set the env var correctly, everything behaved just fine.
>>
>> Sheesh.
>>
>> Sorry for the noise.
>>
>> - Tim
>>
>> On Jan 12, 2011, at 12:07 PM, Tim Quinn wrote:
>>
>>> (My msg to the alias said "forwarded to editors" - I had forgotten
>>> this happened the last time I wrote to dev_at_grizzly.java.net). So
>>> I'm resending directly.
>>>
>>> Thanks for any insight you can offer.
>>>
>>> - Tim
>>>
>>> Begin forwarded message:
>>>
>>>> From: Tim Quinn <tim.quinn_at_oracle.com>
>>>> Date: January 12, 2011 11:51:52 AM CST
>>>> To: dev_at_grizzly.java.net
>>>> Subject: New SSL problem with secure admin, only with Java SE
>>>> 1.6.0_23
>>>>
>>>> Hi, folks.
>>>>
>>>> Help!
>>>>
>>>> Secure admin has been working fine for a while now. But using SE
>>>> 1.6.0_23 we are getting problems.
>>>>
>>>> In this sequence:
>>>>
>>>> asadmin start-domain
>>>> asadmin enable-secure-admin
>>>> asadmin stop-domain
>>>> asadmin start-domain
>>>>
>>>> All works fine. Then trying any asadmin command that talks to
>>>> the DAS, such as
>>>>
>>>> asadmin version
>>>>
>>>> the command stalls - does not display the DAS's cert - and the
>>>> server.log contains the now-familiar errors pasted below.
>>>>
>>>> Are you guys aware of any changes from _22 to _23 that might
>>>> account for this? There is nothing obvious to me in the _23
>>>> release notes.
>>>>
>>>> Thanks.
>>>>
>>>> - Tim
>>>>
>>>> [#|2011-01-10T19:58:22.412-0800|WARNING|glassfish3.1|
>>>> com.sun.grizzly.config.GrizzlyServiceListener|
>>>> _ThreadID=27;_ThreadName=admin-thread-pool-4848(27);|
>>>> processorTask.exceptionSSLcert
>>>> javax.net.ssl.SSLHandshakeException: Insecure renegotiation is
>>>> not allowed
>>>> at
>>>> com
>>>> .sun
>>>> .net
>>>> .ssl
>>>> .internal.ssl.SSLEngineImpl.kickstartHandshake(SSLEngineImpl.java:
>>>> 635)
>>>> at
>>>> com
>>>> .sun
>>>> .net
>>>> .ssl.internal.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:
>>>> 689)
>>>> at
>>>> com
>>>> .sun.grizzly.util.SSLUtils.doPeerCertificateChain(SSLUtils.java:
>>>> 559)
>>>> at
>>>> com
>>>> .sun
>>>> .grizzly
>>>> .filter.SSLReadFilter.doPeerCertificateChain(SSLReadFilter.java:
>>>> 340)
>>>> at
>>>> com.sun.grizzly.ssl.SSLProcessorTask.action(SSLProcessorTask.java:
>>>> 153)
>>>> at com.sun.grizzly.tcp.Request.action(Request.java:430)
>>>> at
>>>> com
>>>> .sun
>>>> .grizzly
>>>> .tcp.http11.GrizzlyRequest.getAttribute(GrizzlyRequest.java:835)
>>>> at
>>>> com
>>>> .sun
>>>> .grizzly
>>>> .tcp.http11.GrizzlyRequest.getUserPrincipal(GrizzlyRequest.java:
>>>> 1834)
>>>> at
>>>> org
>>>> .glassfish
>>>> .admin
>>>> .rest
>>>> .adapter.RestAdapter.authenticateViaAdminRealm(RestAdapter.java:
>>>> 304)
>>>> at
>>>> org
>>>> .glassfish
>>>> .admin.rest.adapter.RestAdapter.authenticate(RestAdapter.java:227)
>>>> at
>>>> org
>>>> .glassfish
>>>> .admin.rest.adapter.RestAdapter.service(RestAdapter.java:163)
>>>> at
>>>> com
>>>> .sun
>>>> .grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:168)
>>>> at
>>>> com
>>>> .sun
>>>> .enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117)
>>>> at
>>>> com
>>>> .sun
>>>> .enterprise
>>>> .v3.services.impl.ContainerMapper.service(ContainerMapper.java:234)
>>>> at
>>>> com
>>>> .sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:
>>>> 818)
>>>> at
>>>> com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:
>>>> 719)
>>>> at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:
>>>> 1008)
>>>> at
>>>> com
>>>> .sun
>>>> .grizzly
>>>> .http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
>>>> at
>>>> com
>>>> .sun
>>>> .grizzly
>>>> .DefaultProtocolChain
>>>> .executeProtocolFilter(DefaultProtocolChain.java:137)
>>>> at
>>>> com
>>>> .sun
>>>> .grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:
>>>> 104)
>>>> at
>>>> com
>>>> .sun
>>>> .grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
>>>> at
>>>> com
>>>> .sun
>>>> .grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
>>>> at
>>>> com
>>>> .sun
>>>> .grizzly
>>>> .ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
>>>> at
>>>> com
>>>> .sun
>>>> .grizzly
>>>> .SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
>>>> at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
>>>> at com.sun.grizzly.util.AbstractThreadPool
>>>> $Worker.doWork(AbstractThreadPool.java:532)
>>>> at com.sun.grizzly.util.AbstractThreadPool
>>>> $Worker.run(AbstractThreadPool.java:513)
>>>> at java.lang.Thread.run(Thread.java:680)
>>>> |#]
>>>
>>
>