Non-Deterministic Exception When Connecting With Wrong Client Certificate

I am working on an internal application and need to determine the correct client-side SSL certificate to use when connecting to a server (the user can supply multiple client-side certificates). I had expected that if I connected to a server using the wrong client certificate the Java client would throw an SSLHandshakeException and I could then try the next certificate. This seems to work some of the time; however, the Java client will sometimes throw a “SocketException: Software caused connection abort: recv failed”, in which case it is not possible to know that the wrong certificate caused the problem.
Below is the code I have been using to test as well as the intermittent SocketException stack trace. Does anyone have an idea as to how to fix this problem? Thanks in advance.
Note: the TrustAllX509TrustManager is a trust manager that trusts all servers.
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

protected void connectSsl() throws Exception {
      final String host = "x.x.x.x";
      final int portNumber = 443;
      final int socketTimeout = 10*1000;
      // Note: Wrong certificate (expect SSLHandshakeException).
      final String certFilename = "C:\\xxx\\clientSSL.P12";
      final String certPassword = "certPassword";
      // Load the client key and certificate from the PKCS12 file.
      final BufferedInputStream bis = new BufferedInputStream(new FileInputStream(new File(certFilename)));
      final char[] certificatePasswordArray = certPassword.toCharArray();
      final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
      final KeyStore keyStore = KeyStore.getInstance("PKCS12");
      keyStore.load(bis, certificatePasswordArray);
      keyManagerFactory.init(keyStore, certificatePasswordArray);
      final KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
      // TrustAllX509TrustManager (the poster's own class) accepts any server certificate; test use only.
      final SSLContext context = SSLContext.getInstance("SSL");
      context.init(keyManagers, new TrustManager[]{new TrustAllX509TrustManager()}, new SecureRandom());
      final SocketFactory secureFactory = context.getSocketFactory();
      final Socket socket = secureFactory.createSocket();
      final InetAddress ip = InetAddress.getByName(host);
      socket.connect(new InetSocketAddress(ip, portNumber), socketTimeout);
      socket.setSoTimeout(socketTimeout);
      // Write the request. The first flush triggers the SSL handshake.
      final OutputStream out = new BufferedOutputStream(socket.getOutputStream());
      out.write("GET / HTTP/1.1\r\n".getBytes());
      out.write("\r\n".getBytes());
      out.flush();
      // Read the response until the server closes the connection.
      InputStream inputStream = socket.getInputStream();
      ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
      byte[] byteArray = new byte[1024];
      int bytesRead = 0;
      while ((bytesRead = inputStream.read(byteArray)) != -1) {
         outputStream.write(byteArray, 0, bytesRead);
      }
      socket.close();
      System.out.println("Response:\r\n" + outputStream.toString("UTF-8"));
   }

Unexpected SocketException:
main: java.net.SocketException: Software caused connection abort: recv failed
     at java.net.SocketInputStream.socketRead0(Native Method)
     at java.net.SocketInputStream.read(SocketInputStream.java:129)
     at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
     at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1435)
     at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
     at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:612)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:808)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:734)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:197)
     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
     at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)

Thanks for the quick response. Here are answers to the questions:
1) No, this issue is not associated with one particular certificate. I have tried several certificates and see the same issue.
2) I agree it would be simpler to only send the required certificate, but unfortunately the project requires that the user be able to specify multiple certificates and, if a client-side certificate is required, the application try each one in turn until the correct certificate is found.
3) Yes, I realize the TrustAllX509TrustManager is insecure, but I am using this for testing purposes while trying to diagnose the client certificate problem.
In terms of testing, I am just wrapping the above code in a try/catch block and executing it in a loop. It is quite odd that the same exact code will sometimes generate an SSLHandshakeException and other times a SocketException.
One additional piece of information: if I force the client code to use "SSLv3" using the Socket.setEnabledProtocols(...) method, the problem goes away (I consistently get an SSLHandshakeException). However, I don't think this solves my problem, as forcing the application to use SSLv3 would mean it could not handle TLS connections.
The code to specify the SSLv3 protocol is:
SSLSocket sslSocket = (SSLSocket) socket;
sslSocket.setEnabledProtocols(new String[] {"SSLv3"});
One other strange issue: if instead of specifying the SSLv3 protocol using setEnabledProtocols(...) I instead specify the protocol when creating the SSLContext, the SocketException problem comes back. So if I replace:
final SSLContext context = SSLContext.getInstance("SSL");
with:
final SSLContext context = SSLContext.getInstance("SSLv3");
and remove the "sslSocket.setEnabledProtocols(new String[] {"SSLv3"})" line, I see the intermittent SocketException problem.
All very weird. Any thoughts?
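
An alternative to trying each certificate in turn and classifying the exception, shown as an added example that is not part of the original post: a single key manager wraps all user-supplied key stores and selects the certificate whose chain matches the acceptable issuers the server sends in its CertificateRequest. The class name `MultiStoreKeyManager` and the `index:alias` naming scheme are assumptions made for this sketch.

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

// Added example (hypothetical class): one key manager over several key stores.
// JSSE hands the issuers from the server's CertificateRequest to chooseClientAlias.
public final class MultiStoreKeyManager extends X509ExtendedKeyManager {
    private final List<X509KeyManager> delegates = new ArrayList<>();

    // Registers one loaded key store (e.g. a PKCS12 file) and its key password.
    public void add(KeyStore store, char[] password) throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(store, password);
        delegates.add((X509KeyManager) kmf.getKeyManagers()[0]); // SunX509 yields one X509 key manager
    }

    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        for (int i = 0; i < delegates.size(); i++) {
            String alias = delegates.get(i).chooseClientAlias(keyTypes, issuers, socket);
            if (alias != null) return i + ":" + alias; // prefix records the owning store
        }
        return null; // nothing matches the issuer list: no certificate is sent
    }
    @Override public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine e) {
        return chooseClientAlias(keyTypes, issuers, null);
    }
    @Override public X509Certificate[] getCertificateChain(String alias) {
        X509KeyManager km = owner(alias);
        return km == null ? null : km.getCertificateChain(strip(alias));
    }
    @Override public PrivateKey getPrivateKey(String alias) {
        X509KeyManager km = owner(alias);
        return km == null ? null : km.getPrivateKey(strip(alias));
    }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        List<String> out = new ArrayList<>();
        for (int i = 0; i < delegates.size(); i++) {
            String[] found = delegates.get(i).getClientAliases(keyType, issuers);
            if (found != null) for (String a : found) out.add(i + ":" + a);
        }
        return out.isEmpty() ? null : out.toArray(new String[0]);
    }
    // Client-only key manager: it offers no server identities.
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return null; }
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) { return null; }

    private X509KeyManager owner(String alias) { // null for an alias this class did not issue
        try { return delegates.get(Integer.parseInt(alias.substring(0, alias.indexOf(':')))); }
        catch (RuntimeException e) { return null; }
    }
    private static String strip(String alias) { return alias.substring(alias.indexOf(':') + 1); }
}
```

Pass `new KeyManager[] { manager }` as the first argument of `SSLContext.init(...)` in place of the single-store key managers. If the server's CertificateRequest carries an empty issuer list, the first store holding a key of a suitable type is chosen, so selection by issuer cannot replace per-certificate retries against such a server.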
