search

umair1112 / sipservlets

Automatically exported from code.google.com/p/sipservlets
0 stars 0 forks source link

TLS failing when missing keystore type #191

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
TLS fails when running Mobicents 2.0.0.FINAL.  Running the command:

openssl s_client -host 135.105.129.109 -port 5081

just sits saying:

CONNECTED(00000003)

the server threw:

06:54:49,942 ERROR [gov.nist.javax.sip.stack.NioTcpMessageProcessor] 
(NioSelector-TLS-0.0.0.0/5081) Problem processing selection key event: 
java.io.IOException: Can't do TLS init
    at gov.nist.javax.sip.stack.NioTlsMessageChannel.<init>(NioTlsMessageChannel.java:76) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    at gov.nist.javax.sip.stack.NioTlsMessageChannel.create(NioTlsMessageChannel.java:59) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    at gov.nist.javax.sip.stack.NioTlsMessageProcessor.createMessageChannel(NioTlsMessageProcessor.java:36) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    at gov.nist.javax.sip.stack.NioTcpMessageProcessor$ProcessorTask.accept(NioTcpMessageProcessor.java:213) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    at gov.nist.javax.sip.stack.NioTcpMessageProcessor$ProcessorTask.run(NioTcpMessageProcessor.java:306) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    at java.lang.Thread.run(Thread.java:679) [rt.jar:1.6.0_24]
Caused by: java.lang.NullPointerException
    at gov.nist.javax.sip.stack.NioTlsMessageChannel.init(NioTlsMessageChannel.java:84) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    at gov.nist.javax.sip.stack.NioTlsMessageChannel.<init>(NioTlsMessageChannel.java:73) [jain-sip-ri-1.2.170-NIO.jar:1.2.170-NIO]
    ... 5 more

turning on debugging revealed;

06:54:29,935 DEBUG [gov.nist.javax.sip.stack.NioTlsMessageProcessor] (MSC 
service thread 1-7) TLS initialization failed due to NULL security config

and before that:

06:54:24,654 DEBUG [gov.nist.core.net.DefaultSecurityManagerProvider] (MSC 
service thread 1-8) Security manager not specified, TLS settings will be 
inactive

This error causes DefaultSecurityMangerProvider to exit before initializing 
when the javax.net.ssl.keyStoreType is not defined.

DefaultSecurityMangerProvider.init(Properties properties)
...
       if(keyStoreType == null)  {
            logger.logDebug("Security manager not specified, TLS settings will be inactive");
            return;
        }

To solved this by adding -Djavax.net.ssl.keyStoreType="jks"  to my startup line 
which ended up looking something like ==>
./standalone.sh -c standalone-sip.xml -Djavax.net.ssl.trustStore="xxx" 
-Djavax.net.ssl.trustStorePassword="xxx" -Djavax.net.ssl.keyStore="xxx" 
-Djavax.net.ssl.keyStorePassword="xxx"  -Djavax.net.ssl.keyStoreType="jks" 

The user guide does not mention adding the keyStoreType which normally that 
defaults to jks anyway.  If this does need to be specified, it may be helpful 
to have a clearer log indicating the missing property.

I am using Ubuntu 12.04 and had an additional TLS problem with open-jdk-6-jdk.  
When turning on the ssl debug, I was getting a CKR_DOMAIN_PARAMS_INVALID.  I 
solved this by following                                        
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1006776
and disabling this in java.security
             #security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
Probably not the right fix and this is not a mobicents issue.

TLS seems good now.

Thanks,
Tim

Original issue reported on code.google.com by timross...@gmail.com on 25 Jan 2013 at 12:28

GoogleCodeExporter commented 9 years ago 
I believe this is fixed by patch contributed to
http://code.google.com/p/jain-sip/issues/detail?id=56

Original comment by josemre...@gmail.com on 10 Feb 2013 at 11:11

GoogleCodeExporter commented 9 years ago

Original comment by jean.deruelle on 15 Feb 2013 at 4:36

GoogleCodeExporter commented 9 years ago 
Fixed in http://code.google.com/p/jain-sip/issues/detail?id=56

Original comment by jean.der...@telestax.com on 18 Apr 2013 at 1:36

GoogleCodeExporter commented 9 years ago

Original comment by jean.deruelle on 5 Jul 2013 at 12:50