Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-8912

Remoting tries to create SSLSocketFactory even when not desired

XMLWordPrintable

    • Hide

      Add the code in the description before a web service invocation.

      Show
      Add the code in the description before a web service invocation.
    • Hide

      Install a Log4J filter that denies the confusing ERROR log message. Remoting still tries to create its own SSLSocketFactory, but it will harmlessly fail silently.

      Show
      Install a Log4J filter that denies the confusing ERROR log message. Remoting still tries to create its own SSLSocketFactory , but it will harmlessly fail silently.
    • Hide
      If you had configured JBossWS clients to use the socket factory returned by HttpsURLConnection.getDefaultSSLSocketFactory(), then you would receive an ERROR log message even though the configuration would work properly. The code causing this issue has been cleaned up, and a new property is available to tell JBossWS to use the default SSL socket factory: StubExt.PROPERTY_DEFAULT_SSL_SOCKET_FACTORY.
      Show
      If you had configured JBossWS clients to use the socket factory returned by HttpsURLConnection.getDefaultSSLSocketFactory(), then you would receive an ERROR log message even though the configuration would work properly. The code causing this issue has been cleaned up, and a new property is available to tell JBossWS to use the default SSL socket factory: StubExt.PROPERTY_DEFAULT_SSL_SOCKET_FACTORY.
    • Documented as Resolved Issue
    • NEW

      Running the following code is an alternative way to set the keystore/truststore in a remoting client:

       KeyStore ksTrust = KeyStore.getInstance("JKS");
    ksTrust.load(new FileInputStream("testTrust"), passphrase);

    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance("SunX509");
    tmf.init(ksTrust);

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, tmf.getTrustManagers(), null);

    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

      When this code is added, Remoting should not try to create its own SSLSocketFactory. Currently there is no way to tell Remoting to not try. This causes a confusing ERROR message:

      Error creating SSL Socket Factory for client invoker: Error initializing socket factory SSL context: Can not find truststore url.

      After this message is logged, the client still works because it falls back to the default SSLSocketFactory (that was already set).

              rh-ee-klape Kyle Lape
              rh-ee-klape Kyle Lape
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: