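SSL handshake fails with java.net.SocketException on Tomcat

Time: 2015-04-28 11:12:15

Tags: tomcat grails ssl war

In a Grails web application hosted as a WAR file on Tomcat 7, I have a web service client that fails during the SSL handshake with the exception: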

org.apache.cxf.interceptor.Fault: Could not send Message.

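For some reason, everything works fine when the application is run in the dev/test environment directly from Grails with the 'run-app' command.

I enabled SSL logging on Tomcat 7 with the Java property -Djavax.net.debug=all, and we got this error: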

http-bio-8080-exec-6, Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
http-bio-8080-exec-6, handling exception: java.net.SocketException: Software caused connection abort: recv failed

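What is the difference between the Grails dev environment and the Tomcat environment?

We are using Tomcat 7 and Java 7, but testing on Tomcat 8 and Java 8 gave the same result. The target web service and its server belong to a third party, so I have no control over them.

The last part of the SSL handshake log: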

    *** ServerHelloDone
[read] MD5 and SHA1 hashes:  len = 4
0000: 0E 00 00 00                                        ....
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
[write] MD5 and SHA1 hashes:  len = 269
0000: 0B 00 00 03 00 00 00 10   00 01 02 01 00 AD 3E 77  ..............>w
0010: 84 C1 68 E3 C1 D7 14 54   57 C0 50 52 9E 77 3B EC  ..h....TW.PR.w;.
0020: 4A A3 E7 D4 80 3F D6 E8   BE B4 7A EF 9F E5 5C C4  J....?....z...\.
0030: 61 29 3A AC A1 99 04 35   6C E0 0D ED 3D A7 01 38  a):....5l...=..8
0040: 91 90 60 2A 44 C1 32 4F   DF C2 F0 5D E3 59 D7 EB  ..`*D.2O...].Y..
0050: 47 9E EE E6 9C 1C B8 9B   DC 1D 31 37 3C AD F4 9C  G.........17<...
0060: 4A 39 A8 FE AF DB D6 9E   83 74 77 D8 CD 74 95 71  J9.......tw..t.q
0070: 62 2B 29 94 E4 60 CE B5   E9 C2 17 62 1F 8B 7B 37  b+)..`.....b...7
0080: E0 D1 79 7F 06 69 59 97   A4 75 89 3E B0 49 1F 0A  ..y..iY..u.>.I..
0090: 8B F6 3A FF 5F E9 E1 05   F0 B3 E5 48 4F 88 AE 38  ..:._......HO..8
00A0: 4F 51 1C 14 62 5E 4B 40   DF 2D 5A 2A F4 97 A8 29  OQ..b^K@.-Z*...)
00B0: 5C 0E 9C 5F 9A FF 18 BF   07 8D 69 1B 7D 72 5E D4  \.._......i..r^.
00C0: BD EE A3 87 DA 0A 1D C3   99 18 7E 36 07 2A 5B 5D  ...........6.*[]
00D0: 61 1B 4D 9B B9 57 4A 04   0E 99 35 8E 6C 21 C2 18  a.M..WJ...5.l!..
00E0: 44 D1 B7 4E 9C CE 03 9C   C9 65 2D 43 95 B2 44 27  D..N.....e-C..D'
00F0: D4 21 49 46 06 B4 05 CE   48 83 79 F1 DF 45 29 01  .!IF....H.y..E).
0100: AA 3D 62 97 DA E8 85 3B   4A 2A AE 2E AB           .=b....;J*...
http-bio-8080-exec-6, WRITE: TLSv1 Handshake, length = 269
[Raw write]: length = 274
0000: 16 03 01 01 0D 0B 00 00   03 00 00 00 10 00 01 02  ................
0010: 01 00 AD 3E 77 84 C1 68   E3 C1 D7 14 54 57 C0 50  ...>w..h....TW.P
0020: 52 9E 77 3B EC 4A A3 E7   D4 80 3F D6 E8 BE B4 7A  R.w;.J....?....z
0030: EF 9F E5 5C C4 61 29 3A   AC A1 99 04 35 6C E0 0D  ...\.a):....5l..
0040: ED 3D A7 01 38 91 90 60   2A 44 C1 32 4F DF C2 F0  .=..8..`*D.2O...
0050: 5D E3 59 D7 EB 47 9E EE   E6 9C 1C B8 9B DC 1D 31  ].Y..G.........1
0060: 37 3C AD F4 9C 4A 39 A8   FE AF DB D6 9E 83 74 77  7<...J9.......tw
0070: D8 CD 74 95 71 62 2B 29   94 E4 60 CE B5 E9 C2 17  ..t.qb+)..`.....
0080: 62 1F 8B 7B 37 E0 D1 79   7F 06 69 59 97 A4 75 89  b...7..y..iY..u.
0090: 3E B0 49 1F 0A 8B F6 3A   FF 5F E9 E1 05 F0 B3 E5  >.I....:._......
00A0: 48 4F 88 AE 38 4F 51 1C   14 62 5E 4B 40 DF 2D 5A  HO..8OQ..b^K@.-Z
00B0: 2A F4 97 A8 29 5C 0E 9C   5F 9A FF 18 BF 07 8D 69  *...)\.._......i
00C0: 1B 7D 72 5E D4 BD EE A3   87 DA 0A 1D C3 99 18 7E  ..r^............
00D0: 36 07 2A 5B 5D 61 1B 4D   9B B9 57 4A 04 0E 99 35  6.*[]a.M..WJ...5
00E0: 8E 6C 21 C2 18 44 D1 B7   4E 9C CE 03 9C C9 65 2D  .l!..D..N.....e-
00F0: 43 95 B2 44 27 D4 21 49   46 06 B4 05 CE 48 83 79  C..D'.!IF....H.y
0100: F1 DF 45 29 01 AA 3D 62   97 DA E8 85 3B 4A 2A AE  ..E)..=b....;J*.
0110: 2E AB                                              ..
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 8E 4C 97 8B D1 36   EB 9B A4 59 97 AC F9 75  ...L...6...Y...u
0010: 1F 3B 14 2A 7C B0 D1 FE   B8 15 DE 61 93 A7 84 AC  .;.*.......a....
0020: 5C 34 4D 4E 0D C1 19 FC   3F 42 38 77 4D FF 20 29  \4MN....?B8wM. )
CONNECTION KEYGEN:
Client Nonce:
0000: 55 3F 44 E3 2E 6E E7 A7   E1 19 9A 48 6E 14 B6 95  U?D..n.....Hn...
0010: C7 65 26 2B EB DE D8 44   C0 E1 70 68 56 AE 51 4D  .e&+...D..phV.QM
Server Nonce:
0000: 55 3F 44 E3 49 7C 29 23   32 9A 89 7B DC 7B C5 9E  U?D.I.)#2.......
0010: 26 2F FD A4 54 C4 8C C7   BD 9A 63 7E CE 7A 4E A1  &/..T.....c..zN.
Master Secret:
0000: 8E 77 FC 93 F7 7F A7 F8   4E B0 7F 46 91 0A D1 45  .w......N..F...E
0010: 21 6E 20 F0 F9 44 EB D4   06 64 7C 2D 4B 49 6F 0F  !n ..D...d.-KIo.
0020: E1 B7 93 2A 86 A8 7E CA   3E 7B 36 04 57 1E 3A 78  ...*....>.6.W.:x
Client MAC write Secret:
0000: 41 C8 49 3F 72 76 9B 54   CF 10 6C 84 39 FE BC F5  A.I?rv.T..l.9...
0010: 20 39 79 4C                                         9yL
Server MAC write Secret:
0000: 6B 57 51 ED 32 16 FE F4   17 3E 31 1B BE 03 40 8D  kWQ.2....>1...@.
0010: 6C 1F 1D F2                                        l...
Client write key:
0000: 60 72 62 0D DA B4 CC 3F   71 67 63 2B 3F BB AA A1  `rb....?qgc+?...
Server write key:
0000: 08 AE 2D DB EB E0 55 76   D7 F0 04 C2 AC E9 BD C5  ..-...Uv........
Client write IV:
0000: F8 44 FE 6D 70 61 AC 60   DF 21 A6 50 B4 44 A4 87  .D.mpa.`.!.P.D..
Server write IV:
0000: 03 BB E4 FB 9E 36 A3 DC   C7 EB D7 FA 5F 34 43 6D  .....6......_4Cm
http-bio-8080-exec-6, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01                                  ......
*** Finished
verify_data:  { 156, 173, 59, 98, 213, 148, 56, 129, 171, 102, 102, 28 }
***
[write] MD5 and SHA1 hashes:  len = 16
0000: 14 00 00 0C 9C AD 3B 62   D5 94 38 81 AB 66 66 1C  ......;b..8..ff.
Padded plaintext before ENCRYPTION:  len = 48
0000: 14 00 00 0C 9C AD 3B 62   D5 94 38 81 AB 66 66 1C  ......;b..8..ff.
0010: EB B3 42 ED E3 DD A9 48   07 A2 FC A8 15 EE 34 AE  ..B....H......4.
0020: D1 B7 C2 75 0B 0B 0B 0B   0B 0B 0B 0B 0B 0B 0B 0B  ...u............
http-bio-8080-exec-6, WRITE: TLSv1 Handshake, length = 48
http-bio-8080-exec-6, waiting for close_notify or alert: state 1
http-bio-8080-exec-6, Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
http-bio-8080-exec-6, handling exception: java.net.SocketException: Software caused connection abort: recv failed
%% Invalidated:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
http-bio-8080-exec-6, SEND TLSv1 ALERT:  fatal, description = unexpected_message
Padded plaintext before ENCRYPTION:  len = 32
0000: 02 0A C4 92 83 43 07 2C   4F BB BB AD 4A 23 54 64  .....C.,O...J#Td
0010: 6D A5 68 33 F0 B9 09 09   09 09 09 09 09 09 09 09  m.h3............
http-bio-8080-exec-6, WRITE: TLSv1 Alert, length = 32
http-bio-8080-exec-6, Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
http-bio-8080-exec-6, called closeSocket()
http-bio-8080-exec-6, called close()
http-bio-8080-exec-6, called closeInternal(true)

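After more investigation I found a "dirty hack": I deleted the file 'META-INF\services\javax.xml.ws.spi.Provider' from 'cxf-rt-frontend-jaxws.jar'. This jar dependency/plugin forces the SSL implementation to be 'org.apache.cxf.jaxws22.spi.ProviderImpl' instead of the default 'com.sun.xml.ws.spi.ProviderImpl'. With the default implementation everything works, but I would still like to know the correct fix.

It looks like the 'org.apache.cxf.jaxws22.spi.ProviderImpl' implementation sends the Certificate message to the server but does not include the certificate chain, so the server refuses to accept our certificate, but why?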
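
Added example (not part of the original question): a small Python decoder for the hex rows that -Djavax.net.debug prints, run on the first two rows of the client's "len = 269" dump from the log above. It reads the handshake message headers and shows that the Certificate message carries an empty certificate list, matching the empty "*** Certificate chain" entry; all function names are illustrative.

```python
import re

# One row of a -Djavax.net.debug hex dump: offset, up to 16 bytes, ASCII column.
ROW = re.compile(r"^[0-9A-F]{4}: ((?:[0-9A-F]{2}(?: {1,3}|$)){1,16})")
HANDSHAKE_TYPES = {0x01: "client_hello", 0x02: "server_hello", 0x0B: "certificate",
                   0x0D: "certificate_request", 0x0E: "server_hello_done",
                   0x10: "client_key_exchange", 0x14: "finished"}

# First two rows of the client's "len = 269" handshake dump in the log above.
SAMPLE = """\
[write] MD5 and SHA1 hashes:  len = 269
0000: 0B 00 00 03 00 00 00 10   00 01 02 01 00 AD 3E 77  ..............>w
0010: 84 C1 68 E3 C1 D7 14 54   57 C0 50 52 9E 77 3B EC  ..h....TW.PR.w;.
"""

def dump_to_bytes(text):
    """Join the hex column of every dump row; other log lines are skipped."""
    out = bytearray()
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def parse_handshake(data):
    """Yield (name, declared_length, body, complete) per handshake message."""
    pos = 0
    while pos + 4 <= len(data):
        length = int.from_bytes(data[pos + 1:pos + 4], "big")
        body = data[pos + 4:pos + 4 + length]
        name = HANDSHAKE_TYPES.get(data[pos], "type_0x%02x" % data[pos])
        yield name, length, body, len(body) == length
        pos += 4 + length

def certificate_count(body):
    """Count entries in a TLS 1.0-1.2 Certificate body (3-byte length prefixes)."""
    if len(body) < 3 or int.from_bytes(body[:3], "big") != len(body) - 3:
        raise ValueError("malformed certificate_list")
    count, pos = 0, 3
    while pos < len(body):
        pos += 3 + int.from_bytes(body[pos:pos + 3], "big")
        count += 1
    if pos != len(body):
        raise ValueError("certificate entry overruns the list")
    return count

def summarize(text):
    return [(n, l, ok, certificate_count(b) if ok and n == "certificate" else None)
            for n, l, b, ok in parse_handshake(dump_to_bytes(text))]
```

In TLS 1.0 to 1.2 a client that has no suitable certificate for the server's CertificateRequest sends a Certificate message with an empty list, so the key material visible to the client code under Tomcat is the thing to compare between the two providers.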

0 answers:

No answers