thrift-user mailing list archives

From James Kranski <james.kran...@gmail.com>
Subject Thrift secure traffic interoperability (Java - CSharp) problem
Date Fri, 10 Jun 2016 08:11:41 GMT
Hello everybody,

I'm having problems with secure thrift traffic. Well, in all likeliness
it's a problem with my understanding of keystores/certificates/keys
infrastructure.

I'll need interoperable thrift servers and clients for Java, CSharp and
Delphi. For now I prepared an example of Java (server and client) and
CSharp (client).

The plain (unencrypted) traffic gets through OK in both cases (Java client
calling Java server and CSharp client calling Java server). The secure
example however, I only managed to get through in a Java - Java case,
whereas Delphi client reports an error:

Unhandled Exception:
System.IO.IOException: The authentication or decryption has failed. --->
System.IO.IOException: The authentication or decryption has failed. --->
Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from
server.

The example (thrift files, sources, incl. build files (ant for Java and
nant for CSharp) and crypto infrastructure) can be found here:

Browse:
https://drive.google.com/open?id=0BzuBGqGqS8miYUpQdHFYTDRxR28

Download complete example (tar.gz):
https://drive.google.com/open?id=0BzuBGqGqS8miTTJfeS1CZGFZNXc

A few guidelines.

1. Java: see Java/readme.txt
build.xml contains run targets, but you'll have trouble killing background
server processes.
So... run (shell) scripts are in Java directory.

2. CSharp: see CSharp/readme.txt
Again, build.build also contains run targets.
Run (shell) scripts are in CSharp directory.

3. Crypto:
I tried two tools: keytool (generated files in Crypto/KeyTool) and openssl
(generated results in Crypto/OpenSSL). Copy either one into the Crypto
directory to try it out.

Please take a look at the source and crypto infrastructure and tell me what
I am doing wrong. Thanks.

Regards,
James
