I have a Java 1.5 application hosted in Tomcat 5.5, and am using
Spring 2.0. The application has a wired controller that references an
instance of org.apache.commons.net.ftp.FTPSClient (commons-net-2.0).
On request, this controller should trigger a new FTP connection over
SSL to an external server using this instance. Unfortunately, I keep
receiving the included SSLException (stacktrace below, with SSL
debugging turned on) when attempting to connect.

What's puzzling is that I have tested this exact code inside and
outside Tomcat, on several different machines. On every machine, it
connects and lists files on the FTP server successfully every time,
provided that it's not running under Tomcat. On every machine, when I
run the same code under Tomcat, I get the same exception.

I have tried the following:

- web search: I can't find anyone who's had this same issue. I find it
hard to believe that I would be the first person to try an FTP
connection from a Spring controller hosted in Tomcat.
- disable Spring wiring: I get the exception whether I wire the
controller up with a proxy or create the instance manually.
- re-evaluated Catalina policy: From what I can tell in the docs, if
there's an issue with policy permissions, a policy exception should be
logged, along with a FAILED message. I find neither of these in my
logs; just the exception mentioned above.

I would very much appreciate any guidance from someone in the
community who's done something similar in Tomcat. At this point, I'm
kind of out of ideas.

Many thanks,
Evan
-------
Log + stacktrace:
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1247177598 bytes = { 179, 237, 208, 96, 117, 68,
18, 9, 106, 202, 149, 230, 38, 14, 40, 4, 142, 1, 237, 49, 65, 172,
235, 231, 206, 132, 69, 178 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 79
http-8080-1, WRITE: TLSv1 Handshake, length = 79
[write] MD5 and SHA1 hashes: len = 107
http-8080-1, WRITE: SSLv2 client hello message, length = 107
[Raw write]: length = 109
[Raw read]: length = 5
0000: 16 03 01 00 4A ....J
http-8080-1, handling exception: javax.net.ssl.SSLException: SSL peer shut down incorrectly
http-8080-1, SEND TLSv1 ALERT: fatal, description = unexpected_message
http-8080-1, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 0A .......
http-8080-1, called closeSocket()
java.lang.RuntimeException: There was an error establishing a secure connection to the FTP server.
    at com.n2uitive.core.FtpsServiceImpl.connect(FtpsServiceImpl.java:50)
    at com.n2uitive.dss.FtpStatementDownloader.connectToFtp(FtpStatementDownloader.java:85)
    at com.n2uitive.dss.FtpStatementDownloader.doDownload(FtpStatementDownloader.java:23)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:301)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy27.doDownload(Unknown Source)
    at com.n2uitive.dss.FileDownloadController.handleRequest(FileDownloadController.java:38)
    at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:858)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.n2uitive.web.CustomHeadersFilter.doFilter(CustomHeadersFilter.java:29)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:613)
Caused by: javax.net.ssl.SSLException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.readV3Record(InputRecord.java:408)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:357)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:782)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
    at org.apache.commons.net.ftp.FTPSClient.sslNegotiation(FTPSClient.java:240)
    at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:171)
    at org.apache.commons.net.SocketClient.connect(SocketClient.java:163)
    at org.apache.commons.net.SocketClient.connect(SocketClient.java:250)
    at com.n2uitive.core.FtpsServiceImpl.connect(FtpsServiceImpl.java:33)
    ... 36 more