users@grizzly.java.net

Re: Problem with SSL

From: Oleksiy Stashok <Oleksiy.Stashok_at_Sun.COM>
Date: Wed, 01 Oct 2008 12:18:57 +0200

Can you pls. share the client side code?

Thanks.

WBR,
Alexey.

On Oct 1, 2008, at 12:14 , quende wrote:

>
> Hello,
> this exception happens on the client side as the result of using
> SSLOutputWriter.flushChannel(..) on the server-side in one of the
> ProtocolFilters.
> Client gets exactly the same exception, if on server I define
> ProtocolChain
> as
>
> final SSLReadFilter readFilter = new SSLReadFilter();
> readFilter.setSSLContext(_sslConfig.createSSLContext());
>
> _controller.setProtocolChainInstanceHandler(new
> DefaultProtocolChainInstanceHandler()
> {
> @Override
> public ProtocolChain poll()
> {
> ProtocolChain _protocolChain = protocolChains.poll();
> if (_protocolChain == null)
> {
> _protocolChain = new DefaultProtocolChain();
> _protocolChain.addFilter(readFilter);
> _protocolChain.addFilter(new SSLEchoFilter());
> }
> return _protocolChain;
> }
> });
>
> On the client side the message sent from server comes first to
> onRead(IOEvent<Context> ioEvent), where
> it is passed forward to protocol chain as
> ioEvent.getProtocolChain().execute(ioEvent.attachment());
> and then the exception is detected in the first filter of
> ProtocolChain,
> which is SSLReadFilter.
>
> Thanks,
> -- Quende
>
>
> Oleksiy Stashok wrote:
>>
>> Hi,
>>
>> what are you using on client side?
>> Handshake fails, which could mean that client really sends plain data
>> (not SSL encoded).
>>
>> Thanks.
>>
>> WBR,
>> Alexey.
>>
>> On Oct 1, 2008, at 10:12 , quende wrote:
>>
>>>
>>> Hello,
>>> thanks for your code, but unfortunately, that didn't help - same
>>> error at
>>> the same place.
>>> Even if I don't use pipeline and send data to client (like
>>> SSLEchoFilter
>>> does) no matter with or without attaching stored WorkerThread
>>> attachment,
>>> the client doesn't recognize SSL message
>>>
>>> Oct 1, 2008 12:02:30 PM com.sun.grizzly.Controller doSelect
>>> FINE: OP_READ on sun.nio.ch.SelectionKeyImpl_at_16a9d42
>>> Oct 1, 2008 12:02:30 PM com.sun.grizzly.Controller pollContext
>>> FINE: pollContext(..) Context : com.sun.grizzly.Context_at_16cd7d5
>>> Oct 1, 2008 12:02:30 PM com.sun.grizzly.util.SSLUtils unwrap
>>> FINE: start unwrap. buffer: java.nio.HeapByteBuffer[pos=0 lim=16660
>>> cap=16660] secured: java.nio.HeapByteBuffer[pos=53 lim=20480
>>> cap=20480]
>>> Oct 1, 2008 12:02:30 PM com.sun.grizzly.util.SSLUtils unwrap
>>> FINER:
>>> java.lang.Thread.getStackTrace(Thread.java:1426)
>>> com.sun.grizzly.util.SSLUtils.unwrap(SSLUtils.java:245)
>>> com.sun.grizzly.util.SSLUtils.doHandshake(SSLUtils.java:427)
>>> com.sun.grizzly.util.SSLUtils.doHandshake(SSLUtils.java:377)
>>> com.sun.grizzly.filter.SSLReadFilter.doHandshake(SSLReadFilter.java:
>>> 223)
>>> com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:154)
>>> com
>>> .sun
>>> .grizzly
>>> .DefaultProtocolChain
>>> .executeProtocolFilter(DefaultProtocolChain.java:136)
>>> com
>>> .sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:
>>> 103)
>>> com
>>> .sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:
>>> 89)
>>> ClientTest
>>> .ClientCallbackHandlerToProtocolChain
>>> .onRead(ClientCallbackHandlerToProtocolChain.java:138)
>>> com.sun.grizzly.SSLConnectorHandler
>>> $SSLInternalCallbackHandler.onRead(SSLConnectorHandler.java:1196)
>>> com
>>> .sun
>>> .grizzly
>>> .CallbackHandlerContextTask.doCall(CallbackHandlerContextTask.java:
>>> 76)
>>> com
>>> .sun
>>> .grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:
>>> 56)
>>> com
>>> .sun
>>> .grizzly.util.WorkerThreadImpl.processTask(WorkerThreadImpl.java:
>>> 309)
>>> com.sun.grizzly.util.WorkerThreadImpl.run(WorkerThreadImpl.java:168)
>>> Oct 1, 2008 12:02:30 PM com.sun.grizzly.filter.SSLReadFilter log
>>> FINE: doHandshake
>>> javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
>>> connection?
>>> at
>>> com
>>> .sun
>>> .net
>>> .ssl
>>> .internal
>>> .ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:
>>> 152)
>>> at
>>> com
>>> .sun
>>> .net
>>> .ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:
>>> 754)
>>> at
>>> com
>>> .sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:
>>> 669)
>>> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
>>> at com.sun.grizzly.util.SSLUtils.unwrap(SSLUtils.java:257)
>>> at com.sun.grizzly.util.SSLUtils.doHandshake(SSLUtils.java:
>>> 427)
>>> at com.sun.grizzly.util.SSLUtils.doHandshake(SSLUtils.java:
>>> 377)
>>> at
>>> com.sun.grizzly.filter.SSLReadFilter.doHandshake(SSLReadFilter.java:
>>> 223)
>>> at
>>> com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:154)
>>> at
>>> com
>>> .sun
>>> .grizzly
>>> .DefaultProtocolChain
>>> .executeProtocolFilter(DefaultProtocolChain.java:136)
>>> at
>>> com
>>> .sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:
>>> 103)
>>> at
>>> com
>>> .sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:
>>> 89)
>>> at
>>> ClientTest
>>> .ClientCallbackHandlerToProtocolChain
>>> .onRead(ClientCallbackHandlerToProtocolChain.java:138)
>>> at
>>> com.sun.grizzly.SSLConnectorHandler
>>> $SSLInternalCallbackHandler.onRead(SSLConnectorHandler.java:1196)
>>> at
>>> com
>>> .sun
>>> .grizzly
>>> .CallbackHandlerContextTask.doCall(CallbackHandlerContextTask.java:
>>> 76)
>>> at
>>> com
>>> .sun
>>> .grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:
>>> 56)
>>> at
>>> com
>>> .sun
>>> .grizzly.util.WorkerThreadImpl.processTask(WorkerThreadImpl.java:
>>> 309)
>>> at
>>> com.sun.grizzly.util.WorkerThreadImpl.run(WorkerThreadImpl.java:168)
>>> Oct 1, 2008 12:02:30 PM com.sun.grizzly.Controller returnContext
>>>
>>> Any ideas?
>>>
>>> Thanks in advance,
>>> -- Quende
>>>
>>>
>>> Jeanfrancois Arcand-2 wrote:
>>>>
>>>> Salut,
>>>>
>>>> quende wrote:
>>>>> Hello,
>>>>>
>>>>> John ROM wrote:
>>>>>> Just a guess:
>>>>>> In
>>>>>> DispatchFilter after SSLReader you do logically a
>>>>>> getDefaultPipeline().execute
>>>>>> ( {SSLOutputWriter.flushChannel(..) });
>>>>>>
>>>>>
>>>>> Yes, that's what i do.
>>>>>
>>>>>
>>>>> John ROM wrote:
>>>>>> This can't work for SSL because your code will be exeuted on a
>>>>>> new
>>>>>> WorkerThread
>>>>>> which has no SSL information...
>>>>>>
>>>>>>
>>>>>
>>>>> I think you are right. But what kind of information is it? I mean,
>>>>> where
>>>>> can
>>>>> I find one on the current thread and is there any chance to
>>>>> share it
>>>>> among
>>>>> newly created WorkerThreads? The concept of pipeline brings me
>>>>> necessary
>>>>> control over the number of threads, I don't want to give it up, so
>>>>> I wish
>>>>> there can be some workaround to keep the pipeline in SSL model.
>>>>
>>>> Mainly, what you need to do is to call:
>>>>
>>>> ThreadAttachment ta =
>>>> ((WorkerThread)Thread.currentThread()).detach();
>>>>
>>>> The ThreadAttachment contains everything you need. Now pass that
>>>> ThreadAttachment to your Callable/Runable, and make sure the first
>>>> operation you do consist of:
>>>>
>>>> ((WorkerThread)Thread.currentThread()).attach(ta);
>>>>
>>>> After that you are all set.
>>>>
>>>> Hope that help.
>>>>
>>>> -- Jeanfrancois
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> Thanks,
>>>>> -- Quende
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>>>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Problem-with-SSL-tp19709902p19756290.html
>>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/Problem-with-SSL-tp19709902p19757593.html
> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>