Problem in using SSL provided by GNU classpath from jetty server..

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am using below mentioned configuration to run my web application-

	-jetty server version 6.1.8
	-GNU Classpath version 0.98 and
	-JamVM version 1.5.3
	-Linux m/c
	
My web application is deployed on jetty which is running on JamVM using GNU
Classpath library. I have no issues in accessing application through normal
http protocol but not able to access it using https protocol.
I have successfully created a keystore of type 'GKR' by using tool provided
by GNU Classpath and using it for configuring SSL on jetty web server
(jetty-ssl.xml). keystore contain valid private key and corresponding public
key in certificate.

Initially i faced problem in configuring SSL on jetty because it was not
allowing to override default keystore type (JKS), keymanager and trust
manager algorithm (SunX05). To overcome this issue, i made changes in the 
GNU Classpath code to use fixed keystore type ("GKR") and  keymanager and
trust manager algorithm (JessieX509). After this changes, jetty started 
successfully on configured https port (8443) but browser gets hanged when
accessing application on https port. There is no log on jetty console. I
used tcpdump utility to figure out issues and it shows below mentioned logs.
here hpnsez153 and 172.16.4.197 is client (browser) and server machine
respectively-


19:13:13.765558 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281241052:281241328(276) ack 1368401 win 43148
19:13:13.765621 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281241328:281241604(276) ack 1368401 win 43148
19:13:13.765675 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281241604:281241768(164) ack 1368401 win 43148
19:13:13.765709 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281240888 win 64967
19:13:13.765728 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281241768:281241932(164) ack 1368401 win 43148
19:13:13.765788 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281241328 win 64527
19:13:13.765823 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281241932:281242096(164) ack 1368401 win 43148
19:13:13.765875 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281241768 win 64087
19:13:13.765897 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281242096:281242372(276) ack 1368401 win 43148
19:13:13.765954 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281242372:281242520(148) ack 1368401 win 43148
19:13:13.766011 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281242520:281242796(276) ack 1368401 win 43148
19:13:13.766026 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281242096 win 65535
19:13:13.766068 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281242796:281243088(292) ack 1368401 win 43148
19:13:13.766144 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281242520 win 65111
19:13:13.766177 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281243088:281243364(276) ack 1368401 win 43148
19:13:13.766244 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281243364:281243640(276) ack 1368401 win 43148
19:13:13.766300 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281243088 win 64543
19:13:13.766302 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281243640:281243804(164) ack 1368401 win 43148
19:13:13.766364 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281243804:281243968(164) ack 1368401 win 43148
19:13:13.766465 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281243968:281244372(404) ack 1368401 win 43148
19:13:13.766465 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281243640 win 65535
19:13:13.766562 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281243968 win 65207
19:13:13.766595 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281244372:281244488(116) ack 1368401 win 43148
19:13:13.766775 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281244488 win 64687
19:13:13.777237 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: P
1368401:1368453(52) ack 281244488 win 64687
19:13:13.777354 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281244488:281244588(100) ack 1368453 win 43148
19:13:13.777420 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281244588:281245184(596) ack 1368453 win 43148
19:13:13.777474 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281245184:281245348(164) ack 1368453 win 43148
19:13:13.777526 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281245348:281245512(164) ack 1368453 win 43148
19:13:13.777580 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281245512:281245676(164) ack 1368453 win 43148
19:13:13.777633 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281245676:281245840(164) ack 1368453 win 43148
19:13:13.777686 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281245840:281246004(164) ack 1368453 win 43148
19:13:13.777743 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281246004:281246168(164) ack 1368453 win 43148
19:13:13.777744 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281245184 win 63991
19:13:13.777800 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281245512 win 63663
19:13:13.777821 IP 172.16.4.197.ssh > hpnsez153.india.ipolicynet.com.4706: P
281246168:281246332(164) ack 1368453 win 43148
19:13:13.777832 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281245840 win 63335
19:13:13.777976 IP hpnsez153.india.ipolicynet.com.4706 > 172.16.4.197.ssh: .
ack 281246168 win 63007

I'd really appreciate any hint on my trouble. I am willing to provide more
information if required. 

I doubt that above issue might be coming due to wrong SSL configuration on
jetty so i am providing contents of jetty-ssl.xml file below-

<Call name="addConnector">
    <Arg>
      <New class="org.mortbay.jetty.security.SslSocketConnector">
        <Set name="Port">8443</Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="handshakeTimeout">2000</Set>
	<Set name="sslKeyManagerFactoryAlgorithm">JessieX509</Set>
<Set name="sslTrustManagerFactoryAlgorithm">JessieX509</Set>

	<Set name="provider">Jessie</Set>
	<Set name="keystoreType">GKR</Set>	
        <Set name="keystore"><SystemProperty name="jetty.home" default="."
/>/etc/alok_gkr_keystore</Set>
        <Set name="password">abc123</Set>
        <Set name="keyPassword">abc123</Set>
        <Set name="truststore"><SystemProperty name="jetty.home" default="."
/>/etc/alok_gkr_keystore</Set>
        <Set name="trustPassword">abc123</Set>
	
        <Set name="handshakeTimeout">200000</Set>
<!--
        <Set name="ThreadPool">
          <New class="org.mortbay.thread.BoundedThreadPool">
            <Set name="minThreads">10</Set>
            <Set name="maxThreads">250</Set>
         </New>
        </Set>
-->
      </New>
    </Arg>
  </Call>
</Configure>
-- 
View this message in context: http://www.nabble.com/Problem-in-using-SSL-provided-by-GNU-classpath-from-jetty-server..-tp24284555p24284555.html
Sent from the Gnu - Classpath - General mailing list archive at Nabble.com.
[Index of Archives]     [Linux Kernel]     [Linux Cryptography]     [Fedora]     [Fedora Directory]     [Red Hat Development]
  Powered by Linux