Okay, sorry 'bout that... I'll try over there. Thanks for the suggestion on the tls.close()/ctx.close removal, but I'm still about out of luck.
Cya,
-Mark
From: Lawrence Bowie <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: EOFException when connecting to ldap server with jndi
Date: Thu, 03 Jun 2004 20:14:17 -0400
You need to post to http://forum.java.sun.com/index.jsp at the Java Secure Socket Extensions section.
Also, the EOFException means your connection closed unexpectedly .. I would lose
tls.close(); ctx.close();
LDB
mark brophy wrote:
Hi all:
This is my first post, so please redirect me if I'm in the wrong place. I've been having the same problem for weeks, and I can't seem to get around it. I'm connecting to an openldap server using tls/ssl (openssl), and I'm constantly getting an eofexception around the time of tls READ on the client side, and I can't figure out whether it's ssl or tls that's dying. If anyone has any idea what's going on, I'd really appreciate the input. Here's some relevant java output with debugging on:
..........
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : /path/to/mycert
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: /path/to/mycert
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
**********removed sensitive info here**********************
Algorithm: RSA; Serial number: 0x0
Valid from Mon Mar 17 20:28:46 NST 2003 until Tue Mar 16 20:28:46 NST 2004
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
export control - checking the cipher suites
export control - no cached value available...
export control - storing legal entry into cache...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1069503884 bytes = { 7, 48, 141, 114, 165, 47, 223, 142, 90, 51, 199, 37, 149, 8, 3, 229, 3, 181, 2, 201, 24, 205, 74, 133, 18, 50, 70, 121 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 40 BF 56 8C 07 30 8D 72 A5 2F ...E..@.V..0.r./
0010: DF 8E 5A 33 C7 25 95 08 03 E5 03 B5 02 C9 18 CD ..Z3.%..........
0020: 4A 85 12 32 46 79 00 00 1E 00 04 00 05 00 2F 00 J..2Fy......../.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
Thread-0, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 40 BF 56 8C 07 30 8D 72 A5 2F DF 8E 5A 33 ..@.V..0.r./..Z3
0050: C7 25 95 08 03 E5 03 B5 02 C9 18 CD 4A 85 12 32 .%..........J..2
0060: 46 79 Fy
Thread-0, WRITE: SSLv2 client hello message, length = 98
Thread-0, received EOFException: error
Thread-0, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Thread-0, SEND TLSv1 ALERT: fatal, description = handshake_failure
Thread-0, WRITE: TLSv1 Alert, length = 2
Thread-0, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Problem getting attribute:javax.naming.CommunicationException: simple bind failed: ******.ca:389 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
Also, here's the code:
import javax.naming.NamingEnumeration;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.Attributes;
import javax.naming.NamingException;
import javax.naming.ldap.*;
import java.util.Hashtable;
import javax.net.ssl.*;
import java.security.*;
import java.io.IOException;
import java.io.EOFException;

public class LdapFetchName {
    public static void main(String[] args) {
        try {
            Hashtable env = new Hashtable();
            System.setProperty("javax.net.debug", "all");
            //System.setProperty("java.protocol.handler.pkgs","javax.net.ssl");
            String c_truststore = "/source/sandbox/mbrophy/munCA/mycert";
            System.setProperty("javax.net.ssl.trustStore", c_truststore);
            System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
            String c_keystore = "/source/sandbox/mbrophy/munCA/mycert";
            System.setProperty("javax.net.ssl.keyStore", c_keystore);
            System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://irma.cs.mun.ca:389");
            env.put(Context.SECURITY_PROTOCOL, "ssl");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            //env.put(Context.SECURITY_PRINCIPAL,"uid=replicat,ou=People,ou=CSMath,dc=mun,dc=ca");
            env.put(Context.SECURITY_PRINCIPAL, "uid=mbrophy,ou=People,ou=CSMath,dc=mun,dc=ca");
            //env.put(Context.SECURITY_CREDENTIALS,"pr60ghlj");
            env.put(Context.SECURITY_CREDENTIALS, "m8c0.sbc");
            LdapContext ctx = new InitialLdapContext(env, null);
            StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            SSLSession sess = tls.negotiate();
            Attributes answer = ctx.getAttributes("uid = mbrophy");
            tls.close();
            ctx.close();
        } catch (NamingException e) {
            System.err.println("Problem getting attribute:" + e);
        } catch (EOFException eofe) {
            System.err.println("End of file: " + eofe);
        } catch (IOException ioex) {
            System.err.println("IOException: " + ioex);
        }
    }
}
Thanks in advance, -Mark
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
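Added example, not code from this thread: in JNDI, setting Context.SECURITY_PROTOCOL to "ssl" and issuing a StartTlsRequest are two separate ways to protect an LDAP connection, and the posted code uses both on one connection to port 389, where the debug output reports the handshake failure as "simple bind failed". The sketch below shows the StartTLS sequence on its own, with no SECURITY_PROTOCOL entry and with the simple bind added only after negotiate() succeeds. The class name, the command-line arguments and the LDAP_PASSWORD environment variable are assumptions; the trust store is expected via the usual javax.net.ssl.trustStore system properties.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;

public class LdapStartTlsExample {  // hypothetical class name
    // StartTLS environment: plain ldap:// URL, no Context.SECURITY_PROTOCOL and no
    // credentials, so the socket starts unencrypted and nothing is bound yet.
    static Hashtable<String, Object> startTlsEnv(String url) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        return env;
    }

    static Attributes fetch(String url, String bindDn, String password, String entryDn)
            throws NamingException, IOException {
        LdapContext ctx = new InitialLdapContext(startTlsEnv(url), null);
        StartTlsResponse tls = null;
        try {
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            SSLSession session = tls.negotiate();  // the TLS handshake happens here
            System.err.println("Negotiated " + session.getProtocol()
                    + " / " + session.getCipherSuite());
            // Credentials are added only once TLS is up, so the bind travels encrypted.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            return ctx.getAttributes(entryDn);
        } finally {
            // Shut TLS down first, and close the LDAP connection even if that fails.
            try { if (tls != null) tls.close(); } finally { ctx.close(); }
        }
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("LDAP_PASSWORD");  // assumed variable name
        if (args.length != 3 || password == null) {
            System.err.println("usage: LDAP_PASSWORD=... java LdapStartTlsExample "
                    + "ldap://host:389 <bindDN> <entryDN>");
            return;
        }
        System.out.println(fetch(args[0], args[1], password, args[2]));
    }
}
```

The other consistent configuration is an ldaps:// URL on the server's dedicated TLS port (conventionally 636) with Context.SECURITY_PROTOCOL set to "ssl" and no StartTlsRequest at all.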