directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Campbell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-2043) SSL connection failures errors are useless
Date Wed, 04 May 2016 16:57:13 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15270977#comment-15270977
] 

Robert Campbell commented on DIRSERVER-2043:
--------------------------------------------

I did this with my Mac, assuming the wrapper.conf file was the place to add the debug parameters
you proposed.
bq.
# Application parameters.  Add parameters as needed starting from 1
wrapper.app.parameter.1=%INSTANCE_DIRECTORY%
wrapper.app.parameter.2=-Djavax.net.debug=ssl:handshake

error seems to correspond with command line error message I got while using ldapsearch instread
of just a connection using DS Studio

Error while opening connection
 - OTHER: Extended operation handler for the specified EXTENSION_OID (1.3.6.1.4.1.1466.20037)
has failed to process your request
org.apache.directory.api.ldap.model.exception.LdapOperationException: OTHER: Extended operation
handler for the specified EXTENSION_OID (1.3.6.1.4.1.1466.20037) has failed to process your
request:
org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter
in (0x00000001: nio socket, server, /127.0.0.1:50699 => /127.0.0.1:10389)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184)
	at org.apache.directory.server.ldap.handlers.extended.StartTlsHandler.handleExtendedOperation(StartTlsHandler.java:128)
	at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:64)
	at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:39)
	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:222)
	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
	at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
	at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:216)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:854)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)
	at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
	at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:475)
	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:429)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: TLSV1
	at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
	at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
	at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
	at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
	at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
	at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:427)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
	... 17 more

	at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3867)
	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1283)
	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1198)
	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:365)
	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1171)
	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:457)
	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:303)
	at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
	at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)

OTHER: Extended operation handler for the specified EXTENSION_OID (1.3.6.1.4.1.1466.20037)
has failed to process your request:
org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter
in (0x00000001: nio socket, server, /127.0.0.1:50699 => /127.0.0.1:10389)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184)
	at org.apache.directory.server.ldap.handlers.extended.StartTlsHandler.handleExtendedOperation(StartTlsHandler.java:128)
	at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:64)
	at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:39)
	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:222)
	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
	at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
	at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:216)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:854)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)
	at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
	at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:475)
	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:429)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: TLSV1
	at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
	at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
	at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
	at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
	at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
	at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:427)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
	... 17 more



> SSL connection failures errors are useless
> ------------------------------------------
>
>                 Key: DIRSERVER-2043
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2043
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M19
>            Reporter: Roy Wellington
>            Priority: Minor
>
> When connecting, if StartTLS fails, you get an error such as the following:
> {noformat}
> Error while opening connection
>  - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake
failed.
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3939)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1178)
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:368)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306)
> 	at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> 	at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> 	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
> SSL handshake failed.
> {noformat}
> But _why_ did the SSL handshake fail? I don't need the stack trace, I need to know what
exactly failed, something like what Firefox/Chrome do on SSL failures. I'm trying to debug
this right now, and I have absolutely no idea what's going on here.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message