Issue #9 resolved

HTTPS Support

wizche
created an issue

Hi All, I have used scm-manager for almost a couple of months and it was really helpful. Now I'd like to migrate the communication to HTTPS.

I've configured the relevant section in server-config.xml:

    <Call name="addConnector">
      <Arg>
        <New class="org.mortbay.jetty.security.SslSocketConnector">
          <Set name="Port">443</Set>
          <Set name="maxIdleTime">30000</Set>
          <Set name="keystore"><SystemProperty name="jetty.home" default="." />/home/wizche/scm-server/ssh/keystore</Set>
          <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
          <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
          <Set name="truststore"><SystemProperty name="jetty.home" default="." />/home/wizche/scm-server/ssh/keystore</Set>
          <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
        </New>
      </Arg>
    </Call>

When I now try to start scm, I receive the following error:

    wizche@scm-01:~/scm-server/bin$ ./scm-server
    2011-04-11 19:30:44.209:WARN::Config error at <Call name="addConnector">| <Arg>| <New class="org.mortbay.jetty.security.SslSocketConnector">| <Set name="Port">443</Set>| <Set name="maxIdleTime">30000</Set>| <Set name="keystore"><SystemProperty name="jetty.home" default="."/>/home/wizche/scm-server/ssh/keystore</Set>| <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>| <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>| <Set name="truststore"><SystemProperty name="jetty.home" default="."/>/home/wizche/scm-server/ssh/keystore</Set>| <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>| </New>| </Arg>| </Call> java.lang.ClassNotFoundException: org.mortbay.jetty.security.SslSocketConnector
    Exception in thread "main" java.lang.ExceptionInInitializerError
    Caused by: sonia.scm.server.ScmServerException: error during server configuration
            at sonia.scm.server.ScmServer.<init>(ScmServer.java:80)
            at sonia.scm.server.ScmServerDaemon.<clinit>(ScmServerDaemon.java:50)
    Caused by: java.lang.ClassNotFoundException: org.mortbay.jetty.security.SslSocketConnector
            at java.net.URLClassLoader$1.run(Unknown Source)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(Unknown Source)
            at java.lang.ClassLoader.loadClass(Unknown Source)
            at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
            at java.lang.ClassLoader.loadClass(Unknown Source)
            at org.eclipse.jetty.util.Loader.loadClass(Loader.java:90)
            at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.nodeClass(XmlConfiguration.java:353)
            at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:748)
            at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1108)
            at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1023)
            at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:693)
            at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:386)
            at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:318)
            at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:273)
            at sonia.scm.server.ScmServer.<init>(ScmServer.java:76)
            ... 1 more
    Could not find the main class: sonia.scm.server.ScmServerDaemon. Program will exit.
    wizche@scm-01:~/scm-server/bin$

It seems that scm cannot locate org.mortbay.jetty.security.SslSocketConnector during startup. Is the connector included somewhere in the jar library packages provided with scm?

Any help really appreciated...

My version: scm-server 1.1 (last stable)

Comments (10)

  1. Sebastian Sdorra repo owner

    The class org.mortbay.jetty.security.SslSocketConnector in the server-config.xml is wrong. The right one is org.eclipse.jetty.server.ssl.SslSelectChannelConnector.

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
          <Set name="Port">443</Set>
          <Set name="maxIdleTime">30000</Set>
          <Set name="keystore">/home/wizche/scm-server/ssh/keystore</Set>
          <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
          <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
          <Set name="truststore">/home/wizche/scm-server/ssh/keystore</Set>
          <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
        </New>
      </Arg>
    </Call>
    

    I think you have to change your passwords too. Have a look at this documentation http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors

  2. wizche reporter

    Hi Sebastian, what a fast answer! It worked perfectly, thank you. May I report another problem I'm facing? When I now try to see incoming/outgoing changes it works perfectly, but when I try to push changes to the server it gives me the following error (TortoiseHg). The error itself appears about 10 seconds after the push starts:

    pushing to https://wizche:***@10.10.20.114/scm/hg/BestPracticeExtension
    searching for changes
    38 changesets found
    <urlopen error [Errno 10053] An established connection was aborted by the software in your host machine>
    [command interrupted]

    On the scm-server side I see these messages:

    2011-04-12 13:16:58.270:WARN::SSL renegotiate denied: java.nio.channels.SocketChannel[connected local=/10.10.20.114:443 remote=/192.168.101.127:9365]
    2011-04-12 13:16:58.634:WARN::SSL renegotiate denied: java.nio.channels.SocketChannel[connected local=/10.10.20.114:443 remote=/192.168.101.127:9369]

    If I try a really small push (i.e. just one file) it works. It seems like the client is doing a renegotiation after x seconds (that doesn't correspond to the 30 seconds configured by default as idleTime in the server-config.xml).

    I tried to see if there is a property that permits renegotiation on the scm-server side, but the connector used doesn't expose that via a property (from server-config.xml). On the code side you could use the proper function:

    public void setAllowRenegotiate(boolean allowRenegotiate)
    

    What do you think Sebastian?

  3. Sebastian Sdorra repo owner

    Hi, I could not reproduce this error. But you could try to use:

    <Set name="allowRenegotiate">true</Set>
    

    Example:

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
          <Set name="Port">443</Set>
          <Set name="maxIdleTime">30000</Set>
          <Set name="keystore">/home/wizche/scm-server/ssh/keystore</Set>
          <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
          <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
          <Set name="truststore">/home/wizche/scm-server/ssh/keystore</Set>
          <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
          <Set name="allowRenegotiate">true</Set>
        </New>
      </Arg>
    </Call>
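
Added example (not part of the thread, and not SCM-Manager or Jetty code): a small Python check over a server-config.xml that flags the connector settings discussed in comments 1 and 3, namely a connector class from the old org.mortbay package, allowRenegotiate set to true, and connectors that carry keystore credentials. The sample config, the finding names and the lint_connectors function are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connector blocks in this thread;
# paths and OBF values are placeholders, not the ones posted above.
SAMPLE_CONFIG = """<Configure>
  <Call name="addConnector"><Arg>
    <New class="org.mortbay.jetty.security.SslSocketConnector">
      <Set name="Port">443</Set>
      <Set name="keystore">/path/to/keystore</Set>
      <Set name="password">OBF:placeholder</Set>
    </New>
  </Arg></Call>
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Set name="Port">8443</Set>
      <Set name="keystore">/path/to/keystore</Set>
      <Set name="password">OBF:placeholder</Set>
      <Set name="allowRenegotiate">true</Set>
    </New>
  </Arg></Call>
</Configure>"""

SECRET_KEYS = {"password", "keyPassword", "trustPassword"}

def lint_connectors(xml_text):
    """Return (port, finding) tuples for each connector added via addConnector."""
    findings = []
    root = ET.fromstring(xml_text)
    for call in root.iter("Call"):
        if call.get("name") != "addConnector":
            continue
        for conn in call.iter("New"):
            cls = conn.get("class", "")
            # itertext() also picks up text that follows a <SystemProperty/> child.
            sets = {s.get("name"): "".join(s.itertext()).strip()
                    for s in conn.findall("Set")}
            port = sets.get("Port", "?")
            if cls.startswith("org.mortbay."):
                # Old package name: fails to load on an org.eclipse.jetty server.
                findings.append((port, "legacy-class"))
            if sets.get("allowRenegotiate", "").lower() == "true":
                # Overrides the server's default of denying TLS renegotiation.
                findings.append((port, "renegotiation-allowed"))
            if SECRET_KEYS & sets.keys():
                # Keystore credentials present: redact before sharing the file.
                findings.append((port, "contains-credentials"))
    return findings

if __name__ == "__main__":
    for port, finding in lint_connectors(SAMPLE_CONFIG):
        print(f"port {port}: {finding}")
```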
    
  4. wizche reporter

    Thanks Sebastian, I tried it with the property set and I now receive another error, from the scm-server log:

    2011-04-12 14:26:30.275:INFO::Started SelectChannelConnector@0.0.0.0:8080
    2011-04-12 14:26:30.962:INFO::Started SslSelectChannelConnector@0.0.0.0:443
    2011-04-12 14:39:48.868:WARN::handle failed
    java.lang.IllegalStateException: Status = BUFFER_OVERFLOW HandshakeStatus = NEED_UNWRAP|bytesConsumed = 0 bytesProduced = 0 16384 16660
            at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:726)
            at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:362)
            at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:292)
            at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)
            at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)
            at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:526)
            at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:41)
            at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:528)
            at java.lang.Thread.run(Unknown Source)
    2011-04-12 14:39:49.270:WARN::handle failed
    java.lang.IllegalStateException: Status = BUFFER_OVERFLOW HandshakeStatus = NEED_UNWRAP|bytesConsumed = 0 bytesProduced = 0 16384 16660
            at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:726)
            at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:362)
            at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:292)
            at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)
            at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)
            at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:526)
            at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:41)
            at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:528)
            at java.lang.Thread.run(Unknown Source)
    

    I also attach the results of the hg push command (with the --debug parameter).

    I checked, and the firewall is disabled on the server and on the client.

    Any idea?

  5. wizche reporter

    I just did an hg bundle of the whole repository from my machine and uploaded it to the server. (50 mb)...

    I then unbundled it (hg unbundle) and the repository is now up-to-date. Now when I try to commit small changes (like a single file) it works; it really seems that the problem is related to a "big" amount of data.

  6. Sebastian Sdorra repo owner

    I'm now able to reproduce this issue. It occurs only when I try to push from Windows. It works fine on my Mac and on my Solaris workstation. I will try to fix this issue in the next few days.
