NULL trustStore in SSL connection
I've got a mutually authenticating setup where both the server and the client use certificates to connect. These are signed by Entrust, and imported into a keystore file. On the client side, set the system property for the keystore file and the keystore password and this works OK. But the default truststore file in $JAVA_HOME isn't being used. Instead, it is using an empty truststore. This is not the way it should work. If I leave the truststore system property alone, it should use the one in $JAVA_HOME.
This works correctly if I set the system property for the truststore manually to be the one in $JAVA_HOME. But this should not be required. Is this an issue that gets fixed in a later version of the JWSDP? I'm using 1.3 right now.
Are you able to connect outside of your application (i.e., using native tools)? If not, the port may be blocked by a firewall or proxy. The server may also be misconfigured (not listening) ...
Good luck,
-Derek
Similar Messages
-
SSL connection, KeyManager and TrustManager
Hello everyone,
I am trying to established an SSL connection to a OC4J Server. The server is correctly configured, as the communications using Internet Explorer goes well.
I am using JDK 1.3.1_06 with JSSE 1.0.3 and OC4J 9.0.3.
But now I have a stand-alone java program that sends SOAP messages to the ssl port in the server using JAXM. When I send the message, I received the following exception:
javax.net.ssl.SSLException: untrusted server cert chain
The following I tried was to connect using a socket to test the handshacking. I received the same exception.
I am using a KeyStore dinamically generated with the PKCS12 certificate of the cliente that is requesting the service, and a TrustStore dinamically generated with the CA certificate for both the client and the server. I am also tries to use the default cacerts file with this certificate imported in.
The KeyManager is initialized in this way:
----- KeyManager start -----
java.security.KeyStore ks = java.security.KeyStore.getInstance
("pkcs12", "SunJSSE");
ks.load(new FileInputStream(file),pass.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance ("SunX509", "SunJSSE");
kmf.init(ks, pass.toCharArray());
KeyManager[] km = (KeyManager[])kmf.getKeyManagers();
----- KeyManager end -----
The TrustManager is initialized in this way:
----- TrustManager start -----
FileInputStream fis = new FileInputStream(file);
java.io.DataInputStream dis = new java.io.DataInputStream(fis);
byte[] bytes = new byte[dis.available()];
dis.readFully(bytes);
java.io.ByteArrayInputStream bais =
new java.io.ByteArrayInputStream(bytes);
java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
java.security.cert.X509Certificate caCert =
(java.security.cert.X509Certificate)
cf.generateCertificate(bais);
java.security.KeyStore ksCA =
java.security.KeyStore.getInstance("pkcs12", "SunJSSE");
ksCA.load(null, null);
ksCA.setCertificateEntry("trustedCA", caCert);
TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509", "SunJSSE");
tmf.init(ksCA);
TrustManager[] tm = (TrustManager[])tmf.getTrustManagers();
----- TrustManager end -----
And finally, this is the way I create the ssl connection:
----- main start -----
// loads the jsse provider
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
java.security.Security.addProvider(
new com.sun.net.ssl.internal.ssl.Provider());
// keymanager
com.sun.net.ssl.KeyManager[] km = getKeyManager(args[0], args[1]);
// trustmanager
com.sun.net.ssl.TrustManager[] tm = getTrustManager(args[2]);
// ssl context configuration
com.sun.net.ssl.SSLContext ctx =
com.sun.net.ssl.SSLContext.getInstance("SSL");
ctx.init(km, tm, null);
com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
ctx.getSocketFactory());
// url
URL url = new URL(
"https", my_ip
my_port, a_page,
new com.sun.net.ssl.internal.www.protocol.https.Handler());
// connection
com.sun.net.ssl.HttpsURLConnection conn =
(com.sun.net.ssl.HttpsURLConnection)url.openConnection();
conn.connect();
----- main end -----
This is the full exception trace:
javax.net.ssl.SSLException: untrusted server cert chain
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:56)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect(DashoA6275)
at pruebas.SSLClient.main(SSLClient.java)
Has anyone some idea of what is happening. Thanks in advance,
Jorge Hidalgohi
how your client i.e stanadlone application (SOAP client) is getting the server certificates if client doesn't get the server certificate and vice versa then u will get this exception.
check on both side.
pras -
Some RST are seen during TCP disconnection when using SSL connection
Some RST are seen during TCP disconnection when using SSL connection
It is expected that the disconnection sequence for a secure connection to be as follow:
client ************************* server
--- alert (warning, close notify) --->
<--- alert (warning, close notify) ---
in any order;
and then:-
--------------- FIN, ACK ------------>
<----------- FIN, ACK ---------------
------------------ ACK ----------------->
Instead of the sequence described above, the TCP connection for a secure connection is closed with an RST.
For instance, Wireshark capture shows that an SSL+SASL TCP connection is closed in the following manner:
client ************************** server
--- alert (warning, close notify) ---->
---------------- FIN, ACK ------------>
<--- alert (warning, close notify) ---
<----------- FIN, ACK ---------------------
------------ RST -----------------> *(This RST message should be investigated, an ACK message was expected)*
Server: OpenLDAP: slapd 2.4.23
Client: (java version "1.6.0_16")
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.InitialLdapContext;
import java.util.Hashtable;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
class Client {
private static final String DEFAULT_INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
public static void main(String[] args) {
//SSL
try {
System.setProperty("javax.net.ssl.keyStore", "c:\\\keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "adminadmin");
System.setProperty("javax.net.ssl.trustStore","c:\\\keystore");
System.setProperty("javax.net.ssl.trustStorePassword","adminadmin");
// Set up environment for creating initial context
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
// Must use the name of the server that is found in its certificate
env.put(Context.PROVIDER_URL, "ldap://1.2.4.4:16415");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "cn=manager,dc=operator,dc=com");
env.put(Context.SECURITY_CREDENTIALS, "password");
env.put(Context.SECURITY_PROTOCOL, "ssl");
// Create initial context
InitialLdapContext ctx = new InitialLdapContext(env, null);
// Close the context when we're done
ctx.close();
catch(Exception e)
e.printStackTrace();
Is it a bug ? Can I expect to have a patch for this issue?
Regards,
Olivier
Edited by: 975464 on 6-Dec-2012 11:21 AMI agree it should be an ACK not an RST but it doesn't really matter. The connection is closed, and as neither the client nor the server has any pending data it is benign. Worth investigating in a later JRE.
-
I can create a new user using the following code
public void createUser()
System.setProperty("javax.net.ssl.trustStore","C:\\j2sdk1.4.2_02\\jre\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.keyStorePassword","xxxx");
env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://xxx.xxx.xxx.xxx:636/dc=sxxxx, dc=xxxx, dc=ac, dc=uk");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
env.put(Context.SECURITY_CREDENTIALS, "xxxx");
env.put(Context.REFERRAL, "throw");
env.put(Context.SECURITY_PROTOCOL, "ssl");
try
ctx = new InitialDirContext(env);
BasicAttribute oc = new BasicAttribute("objectClass");
oc.add("top");
oc.add("person");
oc.add("organizationalPerson");
oc.add("user");
BasicAttribute cn = new BasicAttribute("cn", "TestUser2");
BasicAttribute gn = new BasicAttribute("givenName", "Test2");
BasicAttribute sn = new BasicAttribute("sn", "User");
BasicAttribute dn = new BasicAttribute("displayName", "Test User2");
BasicAttribute uac = new BasicAttribute("userAccountControl", "512");
BasicAttribute sam = new BasicAttribute("sAMAccountName", "TestUser2");
BasicAttribute upn = new BasicAttribute("userPrincipalName", "[email protected]");
BasicAttribute des = new BasicAttribute("description", "Systems Team");
BasicAttribute ras = new BasicAttribute("msNPAllowDialin", "TRUE");
String newVal = new String("\"swansea\"");
byte _bytes[] = newVal.getBytes("Unicode");
byte bytes[] = new byte[_bytes.length-2];
System.arraycopy(_bytes, 2, bytes, 0, _bytes.length-2);
BasicAttribute pwd = new BasicAttribute("unicodePwd");
pwd.add((byte[])bytes);
BasicAttributes attrs = new BasicAttributes();
attrs.put(oc);
attrs.put(gn);
attrs.put(sn);
attrs.put(cn);
attrs.put(dn);
attrs.put(uac);
attrs.put(sam);
attrs.put(upn);
attrs.put(des);
attrs.put(pwd);
attrs.put(ras);
ctx.createSubcontext("cn=TestUser2, ou=Systems", attrs);
System.out.println("User has been created");
ctx.close();
catch(NameAlreadyBoundException ex)
System.err.println("Username is already in use.");
catch(Exception ex)
System.err.println("Failed to create user account.");
ex.printStackTrace();
}but when I try to modify the user i've created using the code below, i get a error saying couldn't find trusted certificate, but surely it used it to create the user in the first place.
public void change(String user)
System.setProperty("javax.net.ssl.trustStore","C:\\j2sdk1.4.0_02\\jre\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.keyStorePassword","xxxx");
env = new Hashtable();
DirContext ctx = null;
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://xxx.xxx.xxx.xxx:636/dc=xxxxx, dc=xxxx, dc=ac, dc=uk");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
env.put(Context.SECURITY_CREDENTIALS, "xxxx");
env.put(Context.REFERRAL, "ignore");
env.put(Context.SECURITY_PROTOCOL, "ssl");
try
ctx = new InitialDirContext(env);
BasicAttribute attribute = new BasicAttribute("msNPAllowDialin");
attribute.add("FALSE");
Attributes bAttrs = new BasicAttributes();
bAttrs.put(attribute);
ctx.modifyAttributes(user, ctx.REPLACE_ATTRIBUTE, bAttrs);
System.out.println("success");
ctx.close();
catch (Exception ex)
ex.printStackTrace();
}any suggestions gratefully recieved
Thanks
DeanDid you ever figure this error out? I'm seeing not exactly this error, but similar. I had an SSL connection to Active Directory set up and working with a temporary certificate. Then the Active Directory administrator got the permanent certificate. I imported the certificate of the Active Directory server and rootCA and restarted my server and added code to set trustStore:
System.setProperty("javax.net.ssl.trustStore","C:\\j2re1.4.2_03\\bin\\cacerts");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://ourserver.edu:636");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.putContext.SECURITY_PRINCIPAL, "cn=Admin,ou=something....dc=edu");
env.put(Context.SECURITY_CREDENTIALS, "the_password");
env.put(Context.SECURITY_PROTOCOL,"ssl");
DirContext ctx = new InitialDirContext(env);
but still I get
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
etc.
Any ideas would be GREATLY appreciated. Thanks in advance. -
Unable to establish SSL connection using Java PKCS11
I am currently trying to establish SSL connectivity using eToken via PKCS11.
The PKCS11 provider is setup and I can read the 3 stored certificates as a key Store Object.
But I am getting the following exception while trying to establish SSL connectivity.
I am using JDK 6.0(java version "1.6.0_31-rev).
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-aladdin-0 RSA private key, 2048 bits (id 147980297, token object, sensitive, unextractable)
at sun.security.mscapi.RSACipher.engineGetKeySize(RSA Cipher.java:384)
at javax.crypto.Cipher.b(DashoA13*..)
at javax.crypto.Cipher.a(DashoA13*..)
Code:
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
KeyStore keyStore = getClientKeyStore(); //read Smart Card Token to get the Certificate
kmf.init(keyStore, "mycardPin".toCharArray()); //#### hard coded the i/p parms
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream("C:\\Users\\usr1\\Desktop\\Certifi cates\\mycertca.jks"), "mycardPin".toCharArray());
tmf.init(trustStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
factory = sslContext.getSocketFactory();
sslClient = (SSLSocket) factory.createSocket(host, port);
sslClient.startHandshake(); //<--- code is breaking here with the above exception
I am struggling like anything for the last 4 days to get rid of this issue. Please let me know is there any work-around to fix this issue.
I really appreciate your help.Hi,
have You found the solution. I have similar problem but now it is not repeatable. I'm not sure what was the reason (this InvalidKeyException apeared only once). I'm using JDK7 (java version 1.7.0_09-b05).
Caused by: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-GemSafe RSA private key, 1024 bits (id 2, token object, sensitive, unextractable)
at sun.security.mscapi.RSACipher.engineGetKeySize(RSACipher.java:404)
at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1052)
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1010)
at javax.crypto.Cipher.init(Cipher.java:1209)
at java.security.Signature$CipherAdapter.engineInitSign(Unknown Source)
at java.security.Signature$Delegate.init(Unknown Source)
at java.security.Signature$Delegate.chooseProvider(Unknown Source)
at java.security.Signature$Delegate.engineInitSign(Unknown Source)
at java.security.Signature.initSign(Unknown Source)
at sun.security.ssl.RSASignature.engineInitSign(Unknown Source)
at java.security.Signature$Delegate.engineInitSign(Unknown Source)
at java.security.Signature.initSign(Unknown Source)
at sun.security.ssl.HandshakeMessage$CertificateVerify.<init>(Unknown Source)
... 53 more -
SSL Connection to IP Number impossible?
Hi all,
(this is a crosspost from the Networking Forum, it fits better here, I think http://forum.java.sun.com/thread.jspa?threadID=5256171&tstart=0 )
I am trying to open an ssl connection (https) to an URL containing the ip adress as numbers, like https://1.2.3.4 (this is not the real adress).
The certifcate I use is valid and contains the IP Number in the common name.
On opening the connection I always get an IOException: https hostname wrong: should be <1.2.3.4>
Turning on debugging with -Djavax.net.debug=all doesn't give any more hints.
With a URL like https://login.yahoo.com, it works. I'm using Java SE 1.5.0_11.
Now, I know the URL should give the IP address as a name, like https://site.domain.country, but I wonder if I must do it that way?
Isn't there a workaround / switch in order to use an ip number?
Is it to use an own HostnameVerifier as suggested in Thread SSLException: Name in certificate "host1" does not match host name "host2" (http://forum.java.sun.com/thread.jspa?threadID=5224956&tstart=60)
Thanks for any help!
Here is the stack trace:
java.io.IOException: HTTPS hostname wrong: should be <1.2.3.4>
at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:490)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
at de.sema.diwi.ss.oraxml.XMLHttp.doPost(XMLHttp.java:231)
at de.sema.diwi.ss.oraxml.XMLHttp.doPost(XMLHttp.java:90)
at de.sema.diwi.ss.util.XMLReqRes.doXMLPost(XMLReqRes.java:741)
at de.sema.diwi.ss.util.XMLReqRes.doXMLPost(XMLReqRes.java:613)
at de.sema.diwi.ss.util.XMLReqRes.doHttpRequest(XMLReqRes.java:328)
at de.sema.diwi.ss.control.SS_RMIImpl.XMLPost(SS_RMIImpl.java:315)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
at sun.rmi.transport.Transport$1.run(Transport.java:153)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:466)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:707)
at java.lang.Thread.run(Thread.java:595)
doXMLPost: Null response from service.Hi NephYliM,
the XMLHttp class is our own.
1st - the certificate already was in the truststore
2nd - a custom HostnameVerifier is enough, see attached code
Thanks for your post, but sorry - no dukes ;-)
roxon
Following HostnameVerifier does the trick, it's based on post http://forum.java.sun.com/thread.jspa?threadID=5224956&tstart=60 , but there is not even the need to set the hostname.
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;
public class MyHostnameVerifier implements HostnameVerifier {
public MyHostnameVerifier() {
super();
* Gets the CN from a certificate
private String getCN(String DN) {
String[] dnComponents = DN.split(",");
// Find one that starts with CN=
for (int i = 0; i <= dnComponents.length; i++) {
if (dnComponents.startsWith("cn=")) {
return dnComponents[i].substring(3);
return "";
* Verify that a self defined host name is an acceptable match with the
* server's authentication scheme.
public boolean verify(String hostname, SSLSession session) {
try {
X500Principal peerPrincipal = (X500Principal) session
.getPeerPrincipal();
String DN = peerPrincipal.getName("CANONICAL");
// now parse the CN out of the effing DN
// We should also get the subject alternative names
// from the peer certificate
String CN = getCN(DN);
return CN.equals(hostname);
} catch (SSLPeerUnverifiedException e) {
return false; -
Got problem when using SSL connection when using my own web server
hi all,
I need to create a SSL connection to a website, i'm using Java 5 so i just append use the following code,
System.setProperty("https.proxyHost","90.0.0.122");
System.setProperty("https.proxyPort","3128");
URL verisign = new URL("https://www.verisign.com");
//URL verisign = new URL("https://localhost");
//URL verisign = new URL("https://90.0.0.30");
BufferedReader in = new BufferedReader(
new InputStreamReader(
verisign.openStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
}Here when i run the program with arg https://www.verisign.com it works fine, when i replace it with https://locahost it shows the follwing error
Exception in thread "main" java.io.IOException: HTTPS hostname wrong: should be <localhost>
at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:493)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at java.net.URL.openStream(URL.java:1007)
at URLReader.main(URLReader.java:93)i dono why this happening any can pls help me out to solve the problemHI all ,
I find a solution from the post
http://forum.java.sun.com/thread.jspa?threadID=521779&start=0
Thanks -
Poor performance in establishing an SSL connection
Hi,
i have a Servlet (loaded on Tomcat 4.1) that establishes a SSL Connection to a remote server. The issue is, is that the connection phase takes over 4 seconds to complete!
heres the function where the problem shows
public SSLSocket getSocket()
throws NoSuchAlgorithmException, KeyStoreException, FileNotFoundException,
IOException, KeyManagementException, CertificateException,
UnrecoverableKeyException
* Set up a key manager for client authentication if asked by the server.
SSLSocketFactory factory = null;
SSLContext ctx;
KeyManagerFactory kmf;
KeyStore ks;
// Set the SSL Context to TLS (required for Client certs).
ctx = SSLContext.getInstance("TLS");
kmf = KeyManagerFactory.getInstance("SunX509");
ks = KeyStore.getInstance(ksType);
// Load in the KeyStore.
ks.load(new FileInputStream(ksLoc), ksPassphrase);
kmf.init(ks, ksPassphrase);
// Generate some random data.
SecureRandom sr = new SecureRandom();
sr.nextInt();
// Initialise the SSL with the random data.
ctx.init(kmf.getKeyManagers(), null, sr);
factory = ctx.getSocketFactory();
* Open the Socket to the SSL server. from this point we can treat
* it like and nomal Socket
SSLSocket socket = (SSLSocket)factory.createSocket(servHost, servPort);
// Force the handshake
socket.startHandshake();
// Return the now open SSLSocket to the caller.
return socket;
the problematic line is:
SSLSocket socket = (SSLSocket)factory.createSocket(servHost, servPort);
it takes about 4.5 - 5.0 seconds to return. The remote server is based on the same LAN as this Servlet and so network lag should not be an issue (im accessing via 10.xx ip too)
Can anyone help me in determining why this takes so long?
Thanks !
Darren.First, try by removing the line which says:
socket.startHandshake();because the handshake will be initiated by the socket upon creation.
If you are using JDK v1.4.1 I've seen some SSL performance issues when stablishing the connection, so I returned to my old JDK 1.3.1.
Also be sure to create the factory in the servlet init() method because it has no sense to recreate the factory in every request as long as it uses the same KeyManager.
HTH -
Using secure tranport for making ssl connection with server using iPhone
HI all,
I need to estabilish a secured connection using tcp with sslv3 to the server. I tried using
[inputStream setProperty:NSStreamSocketSecurityLevelKey forKey:NSStreamSocketSecurityLevelSSLv3];
[outputStream setProperty:NSStreamSocketSecurityLevelKey forKey:NSStreamSocketSecurityLevelSSLv3];
I have explained the problem in detail in the following link
http://www.iphonedevsdk.com/forum/iphone-sdk-development/25721-creating-ssl-conn ection-using-sockets.html
But it makes only a tcp connection wth the server and the server sends the "Connection Reset by peer " error.
So I have planned to use Secure Tranport. But i didnt find a suitable sample code in the internet. I found a sample in apple 's docs. But thats too confusing. Any sample code available for making tcp with ssl connection with the server ????
Regards,
Mohammed Sadiq.You must select if you use certificates for the SSL.
If you are not, here is an example
// server is the ip address for the server and hostport the port to use
CFReadStreamRef readStream = NULL;
CFWriteStreamRef writeStream = NULL;
CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, (CFStringRef ) server, hostport, &readStream, &writeStream);
if (readStream && writeStream) {
CFReadStreamSetProperty(readStream, kCFStreamPropertyShouldCloseNativeSocket , kCFBooleanTrue);
CFWriteStreamSetProperty(writeStream, kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
iStream = (NSInputStream *)readStream;
[iStream retain];
[iStream setDelegate:self];
oStream = (NSOutputStream *)writeStream;
[oStream retain];
[oStream setDelegate:self];
if (Iwill_use_ssltoday == true)
int res1 = [iStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
int res2 = [oStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
NSLog(@"SEC TEST %d %d",res1,res2);
NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
[NSNumber numberWithBool:NO], kCFStreamSSLValidatesCertificateChain,
kCFNull,kCFStreamSSLPeerName,
// kCFStreamSocketSecurityLevelTLSv1, kCFStreamSSLLevel,
nil];
CFReadStreamSetProperty((CFReadStreamRef)iStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);
CFWriteStreamSetProperty((CFWriteStreamRef)oStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);
[iStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
[iStream open];
[oStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
[oStream open];
if (readStream)
CFRelease(readStream);
if (writeStream)
CFRelease(writeStream); -
when Update to 10.7.2 ,I cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.
OS:10.7.2
Macbook Pro 2010-mid 13inchI also have the same problem, however if I use Firefox or Opera sites with ssl connection work fine. Still, I can't use Google Chrome (ssl), Safari (ssl), the Mac app store (generally), or the iTunes store (generally). Both the iTunes store, Safari and the app store won't respond, and Chrome displays this error: (net::ERR_TIMED_OUT). The problem persists regardless of what network I'm using. Also, when trying to access the keychain or iCloud, the process will not start (will hang). I didn't have these problems at all before updating to 10.7.2.
Sometimes rebooting helps, and sometimes not. If the problem disappears by rebooting, then it only lasts a few minutes before it reappears. It is very frustrating, especially since there doesn't seem to be any obvious or consistent way of which to fix it.
I'm also using a Macbook Pro 13-inch mid 2010. -
I really can't figure out this problem. Search the internet tried all kinds of things, nothing help so far.
I have a Macbook Pro (Lion originally installed) running on Mavericks (all latest updates). SSD installed and the DVD tray is replaced by the original HDD.
The laptop wasn't running very smooth anymore so decided to give it a fresh Mavericks install (even though I know it's not really necessary for mac, it helped, everything is much faster except a weird internet problem came up).
After freshly installing Mavericks I couldn't get into my google account anymore, just wouldn't load. Tried Safari (use this normally) and Firefox and Chrome, this last was gave a SSL connection error, both Safari and FF said the website couldn't be loaded because the server didn't respond. For Gmail I use Mailplane which is just stuck on a white page. I tried repairing the keychain, repaired disk and disk permissions, cleaned browsers, turned off firewall and antivirus (Shopos) started in safe mode, checked time settings which were all good. Nothing of this helped. I even ended up creating a usb bootdisk for Mavericks, formatted the disk and reinstalled from the start just Mavericks and nothing else, started Safari, still the same problem. As even this didn't help I figured it's not worth reinstalling all software so put back my backup.
Now I ended up somehow only being able to use Gmail normally in Firefox, Chrome still gives SSL error and Safari can load the inbox, but I can't open any messages. I get the error there is a problem with the connection. If I try in Basic HTML mode it surprisingly does work.
You would say, just use Firefox, finished...but the thing is that sometimes random websites won't load in Firefox, when I load the same site in Safari it works perfectly.
O yes, I also tried the connect to my iPhone and use the Cellular data network, then it's no problem using Gmail in Safari normally. You would say it's a router problem, but I have another Macbook Pro (just one model later running Mountain Lion) this one works perfectly with every browser. Also my iPhone does everyting logged into the WiFi network.
You can understand I really have no clue what's going on here, I don't see any logic. I can only think of a hardware problem in my Macbook, but don't see how that could cause these problems.
I hope someone is ably to help me ?Please read this whole message before doing anything.
This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.
Step 1
The purpose of this step is to determine whether the problem is localized to your user account.
Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”
While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.
Test while logged in as Guest. Same problem?
After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.
*Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.
Step 2
The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.
Please take this step regardless of the results of Step 1.
Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you turn on the computer, and again when you log in.
Note: If FileVault is enabled, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.
Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
Test while in safe mode. Same problem?
After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of Steps 1 and 2. -
SSL Connection Configuration between Apache and Weblogic 8,1
I'm currently using Apache web server as a front end server for Weblogic server 8.1 and now i' facing some configuration problem to setting up the SSL connection between this 2 server. When i open my web application page, it shows
Failure of Server Apache bridge
No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
and my proxy.log shows:
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL is configured
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL configured successfully
Thu Nov 03 09:36:41 2011 <182413202842013> Using Uri /favicon.ico
Thu Nov 03 09:36:41 2011 <182413202842013> After trimming path: '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> The final request string is '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> SEARCHING id=[ebwdsk298.ebworx.com:7002] from current ID=[ebwdsk298.ebworx.com:7002]
Thu Nov 03 09:36:41 2011 <182413202842013> The two ids matched
Thu Nov 03 09:36:41 2011 <182413202842013> @@@FOUND...id=[ebwdsk298.ebworx.com:7002], server_name=[10.122.50.218], server_port=[80]
Thu Nov 03 09:36:41 2011 <182413202842013> attempt #0 out of a max of 5
Thu Nov 03 09:36:41 2011 <182413202842013> general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> New SSL URL: match = 0 oid = 22
Thu Nov 03 09:36:41 2011 <182413202842013> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Thu Nov 03 09:36:41 2011 <182413202842013> EINPROGRESS in connect() - selecting
Thu Nov 03 09:36:41 2011 <182413202842013> Setting peerID for new SSL connection
Thu Nov 03 09:36:41 2011 <182413202842013> 0a7a 3230 5a1b 0000 .z20Z...
Thu Nov 03 09:36:41 2011 <182413202842013> Local Port of the socket is 2121
Thu Nov 03 09:36:41 2011 <182413202842013> Remote Host 10.122.50.48 Remote Port 7002
Thu Nov 03 09:36:41 2011 <182413202842013> general list: created a new connection to '10.122.50.48'/7002 for '/favicon.ico', Local port:2121
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Host]=[10.122.50.218]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Connection]=[keep-alive]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept]=[*/*]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Encoding]=[gzip,deflate,sdch]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Language]=[en-US,en;q=0.8]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
Thu Nov 03 09:36:41 2011 <182413202842013> URL::sendHeaders(): meth='GET' file='/favicon.ico' protocol='HTTP/1.1'
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Host]=[10.122.50.218]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept]=[*/*]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Encoding]=[gzip,deflate,sdch]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Language]=[en-US,en;q=0.8]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Connection]=[Keep-Alive]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-Client-IP]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Proxy-Client-IP]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-Forwarded-For]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
Thu Nov 03 09:36:41 2011 <182413202841921> INFO: No session match found
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: No CA was trusted, validation failed
Thu Nov 03 09:36:41 2011 <182413202841921> INFO: DeleteSessionCallback
Thu Nov 03 09:36:41 2011 <182413202842013> ERROR: SSLWrite failed
Thu Nov 03 09:36:41 2011 <182413202842013> SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
Thu Nov 03 09:36:41 2011 <182413202842013> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
Thu Nov 03 09:36:41 2011 <182413202842013> Marking 10.122.50.48:7002 as bad
Thu Nov 03 09:36:41 2011 <182413202842013> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 790 of ../nsapi/URL.cpp]: at line 3078
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Closing SSL context
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Error after SSLClose, socket may already have been closed by peer
Thu Nov 03 09:36:41 2011 <182413202842013> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
Can anyone tell me what should i do in order to correct this error? Your help is kindly appreciate!!! Please~1) Is the managed server up?
2) from apache server are you able to bind the managed server port?
3) can you pls send the weblogic ssl configuration? -
How to use a key file in the FTP Task using and SSL connection
In the past I have used this code to set the FTP pass word in an FTP component task in SSIS.
Does anyone know how to use a Key file in an SSL connection to download a file from an FTP site? If not can you tell me where I can get the C# code examples to learn how to create a script task or if there is another way in SSIS to download large files
from an SSL FTP site? Thank you for any help offered.
public void Main()
ConnectionManager FTPConn;
FTPConn = Dts.Connections["FTPServer"];
FTPConn.Properties["ServerPassword"].SetValue(FTPConn, Dts.Variables["FTPPassword"].Value);
Dts.TaskResult = (int)ScriptResults.Success;
AntonioYou can use SFTP for this.
This is a way of implementing SFTP in SSIS using standard tasks
http://visakhm.blogspot.in/2012/12/implementing-dynamic-secure-ftp-process.html
also see
http://blog.goanywheremft.com/2011/10/20/sftp-ftps-secure-ftp-transfers/
Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs -
Hi,
I am trying to fetch report using bing API and making a SOAP call for fetching the data. I get the following error:
[Warning] fopen(): SSL: Connection reset by peer [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
02-04-2015 10:17:41 (BST) : [Warning] fopen(): Failed to enable crypto [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
02-04-2015 10:17:41 (BST) : [Warning] fopen(https://download.api.bingads.microsoft.com/ReportDownload/Download.aspx?q=rzr63XFt5qJduddohoIRyOYAP%2f1%2ftsnhk8L%2bzBmUpdU2CQlcUB98RpY%2bbOaLFFGMqAC4IUUadC%2fNdNnJqeVCY%2f%2bpy6noVsVA%2fMJp47a3Xb1VjABfKhcdKy6vqpgEdcQg%2fQZ7QcEpZ3bEloJjUtGpDquFk53BnkeHEPVWZkDYcsQegRz%2fpG4t4w6gKCCRmhArd6osr6ZU9CMJ3lbxtGXjcQEMPvP2apNyr9P%2fc8niyfWA2aBcm1aEmOLX2KL3aRJ4rz9N7gG7uBslVZH%2b4rUjHdB7CMkbb%2fHyHwvPTqGPbPCHnicefr%2b%2fDP70hlkBEGfyOOswK67%2bl1zh7CyIv%2bcMlaDsuDX1HeFf4uORfD41H1z7):
failed to open stream: operation failed [file] /var/www/sites/psmedia/perfectstormmedia/tools/class/msn_api.class.php [line] 780
Whenever I execute my script. Can you please let me know what we can do to solve this issue. The version of PHP we are using is 5.3.3 with open ssl.Hi Shobha,
I can't confirm what version of PHP you are using, but to err on the side of caution please use the version specified in the sample/SDK:
PHP 5.4.14 has been installed from PHP.
Here is our code examples:
https://msdn.microsoft.com/en-US/library/bing-ads-overview-getting-started-php-with-web-services.aspx
Thanks,
Itai -
I am getting the following error using SQL Plus on Windows "ORA-28865: SSL connection closed"
I have set up my certificates on client and server and have tested the port using TCP and works fine. TCPS fails with ORA-28865. I have attached my trace file which was using level 10
Please any assistance is appreciated
(5888) [11-APR-2015 09:36:28:365] nsnainit: NS Connection version: 315
(5888) [11-APR-2015 09:36:28:365] nsnainit: inf->nsinfflg[0]: 0x41 inf->nsinfflg[1]: 0x41
(5888) [11-APR-2015 09:36:28:365] nsnainit: "or" info flags: 0x41 Translations follow:
native service(s) is (are) wanted
(5888) [11-APR-2015 09:36:28:365] nsnainit: "or" info flags: 0x41 Translations follow:
native service(s) is (are) wanted
"and" info flags: 0x41 Translations follow:
native service(s) is (are) wanted
(5888) [11-APR-2015 09:36:28:365] snsbitts_ts: acquired the bit
(5888) [11-APR-2015 09:36:28:365] nsopen: global context check-in (to slot 0) complete
(5888) [11-APR-2015 09:36:28:365] nsopen: lcl[0]=0xf4ffefff, lcl[1]=0x102000, gbl[0]=0xfabf, gbl[1]=0x1, tdu=2097152, sdu=8192
(5888) [11-APR-2015 09:36:28:365] nsfull_opn: cid=0, opcode=65, *bl=0, *what=0, uflgs=0x0, cflgs=0x0
(5888) [11-APR-2015 09:36:28:365] nsfull_opn: nsctx: state=7, flg=0x4001, mvd=0
(5888) [11-APR-2015 09:36:28:365] nsmal: 168 bytes at 0x214d1a0
(5888) [11-APR-2015 09:36:28:365] nsmal: 168 bytes at 0x214dbf0
(5888) [11-APR-2015 09:36:28:365] nsmfr: 239 bytes at 0x20e53a0
(5888) [11-APR-2015 09:36:28:365] nsdo: cid=0, opcode=67, *bl=238, *what=8, uflgs=0x0, cflgs=0x3
(5888) [11-APR-2015 09:36:28:365] snsbitts_ts: acquired the bit
(5888) [11-APR-2015 09:36:28:365] nsdo: rank=64, nsctxrnk=0
(5888) [11-APR-2015 09:36:28:365] nsdo: nsctx: state=14, flg=0x4005, mvd=0
(5888) [11-APR-2015 09:36:28:365] nsdo: gtn=10, gtc=10, ptn=10, ptc=8111
(5888) [11-APR-2015 09:36:28:365] nscon: doing connect handshake...
(5888) [11-APR-2015 09:36:28:365] nscon: sending NSPTCN packet
(5888) [11-APR-2015 09:36:28:365] nspsend: plen=70, type=1
(5888) [11-APR-2015 09:36:28:365] ntzwrite: entry
(5888) [11-APR-2015 09:36:28:365] nzos_Write: entry
(5888) [11-APR-2015 09:36:28:365] nttwr: entry
(5888) [11-APR-2015 09:36:28:365] nttwr: socket 560 had bytes written=99
(5888) [11-APR-2015 09:36:28:365] nttwr: exit
(5888) [11-APR-2015 09:36:28:365] nzos_Write: exit
(5888) [11-APR-2015 09:36:28:365] ntzwrite: exit
(5888) [11-APR-2015 09:36:28:365] nspsend: 70 bytes to transport
(5888) [11-APR-2015 09:36:28:365] nscon: sending 238 bytes connect data
(5888) [11-APR-2015 09:36:28:365] nsdo: cid=0, opcode=67, *bl=238, *what=1, uflgs=0x4002, cflgs=0x0
(5888) [11-APR-2015 09:36:28:365] nsdo: nsctx: state=2, flg=0x4005, mvd=0
(5888) [11-APR-2015 09:36:28:365] nsdo: gtn=10, gtc=10, ptn=10, ptc=431
(5888) [11-APR-2015 09:36:28:365] nsdo: 238 bytes to NS buffer
(5888) [11-APR-2015 09:36:28:365] nsdofls: DATA flags: 0x0
(5888) [11-APR-2015 09:36:28:365] nsdofls: sending NSPTDA packet
(5888) [11-APR-2015 09:36:28:365] nspsend: plen=248, type=6
(5888) [11-APR-2015 09:36:28:365] ntzwrite: entry
(5888) [11-APR-2015 09:36:28:365] nzos_Write: entry
(5888) [11-APR-2015 09:36:28:365] nttwr: entry
(5888) [11-APR-2015 09:36:28:365] nttwr: socket 560 had bytes written=277
(5888) [11-APR-2015 09:36:28:365] nttwr: exit
(5888) [11-APR-2015 09:36:28:365] nzos_Write: exit
(5888) [11-APR-2015 09:36:28:365] ntzwrite: exit
(5888) [11-APR-2015 09:36:28:365] nspsend: 248 bytes to transport
(5888) [11-APR-2015 09:36:28:365] nsdoacts: flushing transport
(5888) [11-APR-2015 09:36:28:365] ntzcontrol: entry
(5888) [11-APR-2015 09:36:28:365] ntzcontrol: Command = 4
(5888) [11-APR-2015 09:36:28:365] ntzcontrol: unknown command 4 - calling underlying protocol adapter
(5888) [11-APR-2015 09:36:28:365] nttctl: entry
(5888) [11-APR-2015 09:36:28:365] ntzcontrol: operation is unsupported
(5888) [11-APR-2015 09:36:28:365] ntzcontrol: exit
(5888) [11-APR-2015 09:36:28:365] snsbitts_ts: acquired the bit
(5888) [11-APR-2015 09:36:28:365] nsdo: nsctxrnk=0
(5888) [11-APR-2015 09:36:28:365] nsdo: cid=0, opcode=68, *bl=2048, *what=9, uflgs=0x0, cflgs=0x3
(5888) [11-APR-2015 09:36:28:365] snsbitts_ts: acquired the bit
(5888) [11-APR-2015 09:36:28:365] nsdo: rank=64, nsctxrnk=0
(5888) [11-APR-2015 09:36:28:365] nsdo: nsctx: state=2, flg=0x4005, mvd=0
(5888) [11-APR-2015 09:36:28:365] nsdo: gtn=10, gtc=10, ptn=10, ptc=8111
(5888) [11-APR-2015 09:36:28:380] nscon: recving a packet
(5888) [11-APR-2015 09:36:28:380] nsprecv: reading from transport...
(5888) [11-APR-2015 09:36:28:380] ntzread: entry
(5888) [11-APR-2015 09:36:28:380] ntznzosread: entry
(5888) [11-APR-2015 09:36:28:380] nzos_Read: entry
(5888) [11-APR-2015 09:36:28:380] nttrd: entry
(5888) [11-APR-2015 09:36:28:380] ntt2err: entry
(5888) [11-APR-2015 09:36:28:380] ntt2err: exit
(5888) [11-APR-2015 09:36:28:380] nttrd: socket 560 had bytes read=0
(5888) [11-APR-2015 09:36:28:380] nttrd: exit
(5888) [11-APR-2015 09:36:28:380] nzos_Read: exit
(5888) [11-APR-2015 09:36:28:380] ntznzosread: encountered "wouldblock" error
(5888) [11-APR-2015 09:36:28:380] ntctst: size of NTTEST list is 1 - not calling poll
(5888) [11-APR-2015 09:36:28:396] nzos_Read: entry
(5888) [11-APR-2015 09:36:28:396] nttrd: entry
(5888) [11-APR-2015 09:36:28:396] nttrd: exit
(5888) [11-APR-2015 09:36:28:396] ntt2err: entry
(5888) [11-APR-2015 09:36:28:396] ntt2err: Read unexpected EOF ERROR on 560
(5888) [11-APR-2015 09:36:28:396] ntt2err: exit
(5888) [11-APR-2015 09:36:28:396] nzos_Read: exit
(5888) [11-APR-2015 09:36:28:396] ntznzosread: SSL connection closed gracefully.
(5888) [11-APR-2015 09:36:28:396] ntznzosread: SSL connection terminated normally.
(5888) [11-APR-2015 09:36:28:396] ntznzosread: returning NZ error 28865 in result structure
(5888) [11-APR-2015 09:36:28:396] ntznzosread: exit
(5888) [11-APR-2015 09:36:28:396] nserror: nsres: id=0, op=68, ns=12537, ns2=12560; nt[0]=507, nt[1]=0, nt[2]=0; ora[0]=28865, ora[1]=0, ora[2]=0
(5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
(5888) [11-APR-2015 09:36:28:396] nsdo: nsctxrnk=0
(5888) [11-APR-2015 09:36:28:396] nscall: unexpected response
(5888) [11-APR-2015 09:36:28:396] nsvntx_dei: entry
(5888) [11-APR-2015 09:36:28:396] nsvntx_dei: exit
(5888) [11-APR-2015 09:36:28:396] nstimarmed: no timer allocated
(5888) [11-APR-2015 09:36:28:396] ntzcontrol: entry
(5888) [11-APR-2015 09:36:28:396] ntzcontrol: Command = 14
(5888) [11-APR-2015 09:36:28:396] ntzcontrol: exit
(5888) [11-APR-2015 09:36:28:396] ntzcontrol: entry
(5888) [11-APR-2015 09:36:28:396] ntzcontrol: Command = 15
(5888) [11-APR-2015 09:36:28:396] ntzcontrol: exit
(5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
(5888) [11-APR-2015 09:36:28:396] nsfull_cls: cid=0, opcode=65, *bl=0, *what=0, uflgs=0x0, cflgs=0x440
(5888) [11-APR-2015 09:36:28:396] nsfull_cls: nsctx: state=1, flg=0x4001, mvd=0
(5888) [11-APR-2015 09:36:28:396] nsclose: closing transport
(5888) [11-APR-2015 09:36:28:396] ntzdisconnect: entry
(5888) [11-APR-2015 09:36:28:396] ntzFreeNTZData: entry
(5888) [11-APR-2015 09:36:28:396] nzos_DestroyCtx: entry
(5888) [11-APR-2015 09:36:28:396] nzos_DestroyCtx: exit
(5888) [11-APR-2015 09:36:28:396] ntzFreeNTZData: exit
(5888) [11-APR-2015 09:36:28:396] nttdisc: entry
(5888) [11-APR-2015 09:36:28:396] nttdisc: Closed socket 560
(5888) [11-APR-2015 09:36:28:396] nttdisc: exit
(5888) [11-APR-2015 09:36:28:396] ntzdisconnect: exit
(5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
(5888) [11-APR-2015 09:36:28:396] nsclose: global context check-out (from slot 0) complete
(5888) [11-APR-2015 09:36:28:396] nadisc: entry
(5888) [11-APR-2015 09:36:28:396] nacomtm: entry
(5888) [11-APR-2015 09:36:28:396] nacompd: entry
(5888) [11-APR-2015 09:36:28:396] nacompd: exit
(5888) [11-APR-2015 09:36:28:396] nacompd: entry
(5888) [11-APR-2015 09:36:28:396] nacompd: exit
(5888) [11-APR-2015 09:36:28:396] nacomtm: exit
(5888) [11-APR-2015 09:36:28:396] nas_dis: entry
(5888) [11-APR-2015 09:36:28:396] nas_dis: exit
(5888) [11-APR-2015 09:36:28:396] nau_dis: entry
(5888) [11-APR-2015 09:36:28:396] nau_dis: exit
(5888) [11-APR-2015 09:36:28:396] naeetrm: entry
(5888) [11-APR-2015 09:36:28:396] naeetrm: exit
(5888) [11-APR-2015 09:36:28:396] naectrm: entry
(5888) [11-APR-2015 09:36:28:396] naectrm: exit
(5888) [11-APR-2015 09:36:28:396] nagbltrm: entry
(5888) [11-APR-2015 09:36:28:396] nau_gtm: entry
(5888) [11-APR-2015 09:36:28:396] nau_gtm: exit
(5888) [11-APR-2015 09:36:28:396] nagbltrm: exit
(5888) [11-APR-2015 09:36:28:396] nadisc: exit
(5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
(5888) [11-APR-2015 09:36:28:396] nsvntx_dei: entry
(5888) [11-APR-2015 09:36:28:396] nsvntx_dei: exit
(5888) [11-APR-2015 09:36:28:396] snsbitts_ts: acquired the bit
(5888) [11-APR-2015 09:36:28:396] nsmfr: 2944 bytes at 0x2152400
(5888) [11-APR-2015 09:36:28:396] nsmfr: 1880 bytes at 0x2151ca0
(5888) [11-APR-2015 09:36:28:396] nscall: connecting...
(5888) [11-APR-2015 09:36:28:396] nladget: entry
(5888) [11-APR-2015 09:36:28:396] nladget: exit
(5888) [11-APR-2015 09:36:28:396] nsmfr: 238 bytes at 0x221def0
(5888) [11-APR-2015 09:36:28:412] nsmfr: 304 bytes at 0x20d8200
(5888) [11-APR-2015 09:36:28:412] nladtrm: entry
(5888) [11-APR-2015 09:36:28:412] nladtrm: exit
(5888) [11-APR-2015 09:36:28:412] nioqper: error from nscall
(5888) [11-APR-2015 09:36:28:412] nioqper: ns main err code: 12537
(5888) [11-APR-2015 09:36:28:412] nioqper: ns (2) err code: 12560
(5888) [11-APR-2015 09:36:28:412] nioqper: nt main err code: 507
(5888) [11-APR-2015 09:36:28:412] nioqper: nt (2) err code: 0
(5888) [11-APR-2015 09:36:28:412] nioqper: nt OS err code: 0
(5888) [11-APR-2015 09:36:28:412] niomapnserror: entry
(5888) [11-APR-2015 09:36:28:412] niqme: entry
(5888) [11-APR-2015 09:36:28:412] niqme: reporting ORA-28865 error
(5888) [11-APR-2015 09:36:28:412] niqme: exit
(5888) [11-APR-2015 09:36:28:412] niomapnserror: exit
(5888) [11-APR-2015 09:36:28:412] niotns: Couldn't connect, returning 28865
(5888) [11-APR-2015 09:36:28:412] niotns: exit
(5888) [11-APR-2015 09:36:28:412] nsbrfr: nsbfs at 0x214d1a0, data at 0x2225ca0.
(5888) [11-APR-2015 09:36:28:412] nsbrfr: nsbfs at 0x214dbf0, data at 0x2227d90.
(5888) [11-APR-2015 09:36:28:412] nsbrfr: nsbfs at 0x214d9e0, data at 0x21531c0.
(5888) [11-APR-2015 09:36:28:412] nigtrm: Count in the NI global area is now 1
(5888) [11-APR-2015 09:36:28:412] nigtrm: Count in the NL global area is now 1CLIENT SQLNET.ORA
TRACE_LEVEL_CLIENT = 10
TRACE_UNIQUE_CLIENT = ON
TRACE_DIRECTORY_CLIENT = C:\Oracle\app\client\product\12.1.0\client_1\network\trace
TRACE_FILE_CLIENT = sqlnet_client.trc
LOG_FILE_CLIENT = sqlnet_client.log
LOG_DIRECTORY_CLIENT = C:\Oracle\app\client\product\12.1.0\client_1\network\log
DIAG_ADR_ENABLED = OFF
TRACE_TIMESTAMP_CLIENT = ON
SQLNET.AUTHENTICATION_SERVICES = (ALL)
SQLNET.AUTHENTICATION_REQUIRED = FALSE
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\Oracle\app\client\product\12.1.0\client_1\network\wallets)
ADR_BASE = C:\Oracle\app\client\product\12.1.0\client_1\log
SERVER SQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES= (ALL)
SSL_VERSION = 0
SSL_CLIENT_AUTHENTICATION = FALSE
TRACE_UNIQUE_SERVER = ON
TRACE_DIRECTORY_SERVER = /u01/app/grid/product/12.1.0/12.1.0.2/network/trace
TRACE_FILE_SERVER = sqlnet_server.trc
LOG_FILE_SERVER = sqlnet_server.log
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/grid/product/12.1.0/12.1.0.2/owm/wallets/grid)
LOG_DIRECTORY_SERVER = /u01/app/grid/product/12.1.0/12.1.0.2/network/log
SQLNET.AUTHENTICATION_REQUIRED = FALSE
DIAG_ADR_ENABLED = OFF
TRACE_TIMESTAMP_SERVER = ON
Maybe you are looking for
-
Hi everyone I'm just wondering how to fix my ipod. I know someone just put up a post just like it I just got the new update for my 60GB Ipod Video. Before the update it was fine the videos played normally but now my videos will play normally for abou
-
Upgrade HTMLDB 1.6 to APEX 3.0 - what do I need to do?
We're using HTMBDB version 1.6 - is the upgrade to Apex 3.0 straightforward (can someone point me to where I can find documentation for how to do this)? Do we have to upgrade to an intermediary version, or can we go straight to 3.0? Are there any kno
-
Dear All We are getting an unexpected error while trying to save any object in our ID. Can some one let us know what is causing this error and how to resolve it? The Error log looks like this:::::::::::::: STACKTRACE: com.sap.aii.utilxi.swing.framewo
-
Encrypted "Application Support" cause crashes
I am not sure if this is a question that can be addressed, but please bear with me as I try to explain what I discovered today. For years (since Leopard), I have done this setup with my Mac: 1. Create an encrypted disk image using Disk Utility (AES12
-
Hi I have created more than 15 packages for a single application i have used many procedures functions on no:of tables. after running the project they have taking long longtime. what is best way to tune the plsql query's and please explain how to tun