Derby / DERBY-2795

Unable to bring up server with SSL peer authentication enabled

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.3.1.4
    • Fix Version/s: 10.3.1.4
    • Component/s: Network Server
    • Labels:
      None
    • Urgency:
      Normal

      Description

      I was able to bring up the server with basic SSL support (-ssl basic). The server came up and printed this diagnostic:

      Apache Derby Network Server - 10.3.0.0 alpha - (545529M) started and ready to accept SSL connections on port 8246 at 2007-06-08 19:11:51.449 GMT

      However, when I brought up the server with SSL peer authentication (-ssl authenticate), the server came up without printing out an SSL diagnostic. I was able to connect to the server from a client which did not request ssl on the connection URL. I was able to shut down the server without specifying an ssl option on the shutdown command line. Here is the command I used to bring up the network server with SSL peer authentication:

      java \
      -Dderby.connection.requireAuthentication=true \
      -Dderby.authentication.provider=BUILTIN \
      -Dderby.user.\"rick\"=rickspassword \
      -Dderby.database.sqlAuthorization=true \
      -Djavax.net.ssl.keyStore=/export/home/rh161140/derby/keystores/serverKeyStore.key \
      -Djavax.net.ssl.keyStorePassword=serverKeystorePassword \
      -Djavax.net.ssl.trustStore=/export/home/rh161140/derby/keystores/serverKeyStore.key \
      -Djavax.net.ssl.trustStorePassword=serverKeystorePassword \
      org.apache.derby.drda.NetworkServerControl start -p 8246 -ssl peerAuthenticate

      1. DERBY-2795-doc-bug.diff
        0.5 kB
        Bernt M. Johnsen
      2. DERBY-2795-code-bug.diff
        3 kB
        Bernt M. Johnsen
      3. DERBY-2795-code-bug.stat
        0.1 kB
        Bernt M. Johnsen

          Activity

          Bernt M. Johnsen added a comment -

          Code fix. Implemented checking sslMode values both on server and client.
          Committed revision 546217.

          Bernt M. Johnsen added a comment -

          Doc fix.
          Committed revision 546151.

          Bernt M. Johnsen added a comment -

          Attached code fix.

          Bernt M. Johnsen added a comment -

          Fixing the doc typo.

          Bernt M. Johnsen added a comment -

          Thanks for taking time to test SSL. You encountered two bugs:
          1) Typo in the manual. It should be "-ssl peerAuthentication"
          2) Misspelled arguments to -ssl are ignored and it defaults to no ssl instead of giving an error message.

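The second bug in the comment above is a fail-open default: an unrecognised -ssl value selected plaintext instead of stopping startup. The sketch below is an added example, not Derby's source or the committed patch; the class, enum and method names are hypothetical, and the accepted values off, basic and peerAuthentication are assumed to be the complete set.

```java
// Added illustration of the fail-open bug and a fail-closed fix.
// Not Derby code: all names here are hypothetical.
public class SslModeCheck {
    enum SslMode { OFF, BASIC, PEER_AUTHENTICATION }

    // Fail-open parsing, the behaviour reported in this issue: any value
    // that is not recognised silently falls through to "no SSL".
    static SslMode parseLenient(String arg) {
        if ("basic".equals(arg)) return SslMode.BASIC;
        if ("peerAuthentication".equals(arg)) return SslMode.PEER_AUTHENTICATION;
        return SslMode.OFF;
    }

    // Fail-closed parsing: an unrecognised value is an error, so a typo
    // stops startup instead of downgrading the listener to plaintext.
    static SslMode parseStrict(String arg) {
        if (arg == null) throw new IllegalArgumentException("-ssl requires a value");
        switch (arg) {
            case "off": return SslMode.OFF;
            case "basic": return SslMode.BASIC;
            case "peerAuthentication": return SslMode.PEER_AUTHENTICATION;
            default: throw new IllegalArgumentException(
                "Invalid value for -ssl: '" + arg + "' (expected off, basic or peerAuthentication)");
        }
    }

    // Extra guard (an assumption of this example, not part of the issue):
    // a configured keystore with mode OFF usually means a mistyped option.
    static boolean looksMisconfigured(SslMode mode, String keyStoreProperty) {
        return mode == SslMode.OFF && keyStoreProperty != null && !keyStoreProperty.isEmpty();
    }

    public static void main(String[] args) {
        // Constructed inputs: two valid values plus the two spellings from the report.
        String[] samples = { "basic", "peerAuthentication", "peerAuthenticate", "authenticate" };
        String keyStore = "/path/to/serverKeyStore.key"; // placeholder path
        for (String s : samples) {
            SslMode lenient = parseLenient(s);
            String strict;
            try {
                strict = parseStrict(s).toString();
            } catch (IllegalArgumentException e) {
                strict = "REJECTED";
            }
            System.out.printf("%-20s lenient=%-20s strict=%-20s suspicious=%b%n",
                s, lenient, strict, looksMisconfigured(lenient, keyStore));
        }
    }
}
```

For both spellings from the report the lenient parser returns OFF with the suspicious flag set, while the strict parser rejects them.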

            People

            • Assignee:
              Bernt M. Johnsen
              Reporter:
              Rick Hillegas