mina-ftpserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Unsupported record version Unknown-0.0 when cert chain cannot be found
Date Sun, 13 Mar 2011 13:16:58 GMT
I'm trying to enable client authentication (for testing Commons Net).

I added

<ssl client-authentication="NEED">

and

<truststore file="./res/mytruststore.jks" password="password" />

to the configuration, but I now get the following error in the client
application:

 javax.net.ssl.SSLException: Unsupported record version Unknown-0.0

Checking the ftp server log shows the following:


javax.net.ssl.SSLHandshakeException: SSL handshake failed.
	at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:433)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
	at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
	at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:638)
	at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:598)
	at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:587)
	at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:61)
	at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:969)
	at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLHandshakeException: null cert chain
	at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:480)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1120)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1092)
	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)
	at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:502)
	at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:299)
	at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:414)
	... 15 more
Caused by: javax.net.ssl.SSLHandshakeException: null cert chain
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1429)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:243)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:231)
	at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1369)
	at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:160)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
	at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:533)
	at java.security.AccessController.doPrivileged(Native Method)
	at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:952)
	at org.apache.mina.filter.ssl.SslHandler.doTasks(SslHandler.java:695)
	at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:475)
	... 17 more

I've now discovered that the problem was that the client application
was not sending any authentication information.

But - surely the ftp server should return a better notification to the client?

Mime
View raw message