| Author |
Message
|
| napier |
 Posted: Fri Aug 14, 2009 6:09 am Post subject: Two way ssl communication problem |
 |
|
Apprentice
Joined: 09 Oct 2007
Posts: 48
Location: USA
|
we have a two way ssl communication setup at execution group level .
We are getting the following exception when the source system failed over.
(0x01000000:Name ):SocketException = (
(0x03000000:NameValue):File = 'F:\build\S610_P\src\WebServices\WSLibrary\ImbSocket.cpp' (CHARACTER)
(0x03000000:NameValue):Line = 1007 (INTEGER)
(0x03000000:NameValue):Function = 'ImbSocketJNIManager::handleGeneralJavaException' (CHARACTER)
(0x03000000:NameValue):Type = '' (CHARACTER)
(0x03000000:NameValue):Name = '' (CHARACTER)
(0x03000000:NameValue):Label = '' (CHARACTER)
(0x03000000:NameValue):Catalog = 'BIPv610' (CHARACTER)
(0x03000000:NameValue):Severity = 3 (INTEGER)
(0x03000000:NameValue):Number = 3165 (INTEGER)
(0x03000000:NameValue):Text = 'An error occurred whilst performing an SSL socket operation' (CHARACTER)
(0x01000000:Name ):Insert = (
(0x03000000:NameValue):Type = 5 (INTEGER)
(0x03000000:NameValue):Text = 'connect' (CHARACTER)
)
(0x01000000:Name ):Insert = (
(0x03000000:NameValue):Type = 5 (INTEGER)
(0x03000000:NameValue):Text = 'java.net.SocketException: Connection reset' (CHARACTER)
In this situation we are ending up with either killing the execution group or restarting the broker.
Does any one came accross this issue? or any idea?
Broker version level - 6.1.0.4
[/quote] |
|
| Back to top |
|
 |
| hopsala |
| Posted: Mon Aug 17, 2009 8:49 am Post subject: Re: Two way ssl communication problem |
|
|
Guardian
Joined: 24 Sep 2004
Posts: 960
|
What does your flow do? What are the nodes involved? What are their properties?
Normally I would advise you to try the same flow without SSL, and only then enable SSL, so you at least know whether your initial setup works. However:
| napier wrote: |
| In this situation we are ending up with either killing the execution group or restarting the broker. |
 This really shouldn't happen, no matter what your configuration is. I would open a PMR post-haste if I were you.
Good luck |
|
| Back to top |
|
|
| mqjeff |
| Posted: Mon Aug 17, 2009 10:09 am Post subject: Re: Two way ssl communication problem |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| hopsala wrote: |
| This really shouldn't happen, no matter what your configuration is. I would open a PMR post-haste if I were you. |
It shouldn't be necessary in general, no.
It's entirely possible to cause this to be necessary by various things.
Napier - it seems only to be expected that when a source system fails, that any network connections to that system get dropped! It went away!
If you have failed to code your flows to handle this so that connections can be retried, through any number of various means, then you should re-examine your code to see what you can do to improve this.
Or give us much more detail about how this connection is created, to what node in Broker, how you expect this to work when the connection fails, and what you are really trying to do. |
|
| Back to top |
|
|
| napier |
| Posted: Tue Aug 18, 2009 10:09 am Post subject: |
|
|
Apprentice
Joined: 09 Oct 2007
Posts: 48
Location: USA
|
Thaks for your response.
MQINPUT----> Compute-----> HTTP Request node-----> MQ output.
In compute node i am building the request message based on the request message and the certificate we submit during ssl communication source system will give the response.
The response will be different for the same request for different certificates we submit.
So we setted this ssl communication in 2 execution groups with 2 different certificates for the same source system.
This setup works fine without any problem.
When the source system failed over we were getting the following exception
java.net.SocketException: Connection reset
At this point stop/start flow or redeploy the flow also won't working. Only killing execution group or restarting broker works. |
|
| Back to top |
|
|
| Mut1ey |
| Posted: Tue Aug 18, 2009 12:26 pm Post subject: |
|
|
Acolyte
Joined: 07 Oct 2005
Posts: 74
Location: England
|
[quote="napier"
At this point stop/start flow or redeploy the flow also won't working. Only killing execution group or restarting broker works.[/quote]
I assume you mean, "reload" the execution group. What do you mean by "killing" the execution group?
And am I correct to, again, assume that you are using HTTP/S? |
|
| Back to top |
|
|
| napier |
| Posted: Tue Aug 18, 2009 1:12 pm Post subject: |
|
|
Apprentice
Joined: 09 Oct 2007
Posts: 48
Location: USA
|
Yes i am using hhtps.
Reloading execution group. |
|
| Back to top |
|
|
| Mut1ey |
| Posted: Tue Aug 18, 2009 1:51 pm Post subject: |
|
|
Acolyte
Joined: 07 Oct 2005
Posts: 74
Location: England
|
| Quote: |
| Napier - it seems only to be expected that when a source system fails, that any network connections to that system get dropped! It went away! |
I have to agree with Jeff. SSL sits on top of your comms layer. Your app and Message broker are talking on the phone, and ooops, there is a fail over. You have to end the call and re-establish it. It does not happen by magic. One end - the application or MB will need to end the broken call, and attempt to re-establish a new one. There is no way around it. At the network level, sequences will be out of whack, so comms will effectively stop until some programmatic or manual intervention. In your case - manually stopping the flows for long enough so that the application ends it's call and then re-starting will work - and does.
You either accept this, or you code around it. |
|
| Back to top |
|
|
|
|
