https用のJettyでRestlet 2.1.2および2.2 M3を使用しています(Simple Frameworkも使用しています)。私が使用している証明書は Comodo によって署名されています。
AddTrust ルート証明書と Comodo 中間証明書の両方をjre/lib/security/cacerts(openjdk 7) に追加しました。それらが正しいものであることを確認するために、サーバーにリクエストを行った後、Firefox からそれらをエクスポートしました。トラストストアとして cacerts を使用しており、証明書と秘密鍵を追加した別のキーストア ファイルがあります。
前述のように、サーバーに https リクエストを送信する前は、最初は Firefox を使用していました。Firefox は応答を取得し、証明書は有効で受け入れられます。ただし、サーバーは応答を送信しましたが、接続を適切に処理できないようです。
興味深いと思われるログ (デバッグ モード) の一部を次に示します。
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Draining buffer java.nio.HeapByteBuffer[pos=6 lim=6 cap=16921], DRAINING, true
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Filling buffer java.nio.HeapByteBuffer[pos=0 lim=16921 cap=16921], FILLING, true
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.ext.ssl.internal.SslConnection setSslResult
FINER: SSL engine result: Status = OK HandshakeStatus = FINISHED
bytesConsumed = 0 bytesProduced = 69
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.ext.ssl.internal.SslConnection setSslResult
FINER: SSL connection: OPEN | true | Interest= READ , Ready=READ , Canceling=false | 1d7f705[SSLEngine[hostname=null port=-1] TLS_DHE_RSA_WITH_AES_256_CBC_SHA] | Status = BUFFER_OVERFLOW HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 0
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: 69 bytes filled into buffer
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Filling buffer java.nio.HeapByteBuffer[pos=69 lim=16921 cap=16921], FILLING, false
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Draining buffer java.nio.HeapByteBuffer[pos=0 lim=69 cap=16921], DRAINING, false
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: 69 bytes drained from buffer, 0 remaining bytes
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Draining buffer java.nio.HeapByteBuffer[pos=69 lim=69 cap=16921], DRAINING, true
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Filling buffer java.nio.HeapByteBuffer[pos=0 lim=16921 cap=16921], FILLING, true
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Ending process of buffer java.nio.HeapByteBuffer[pos=0 lim=16921 cap=16921], FILLING, true. Result: 75, try again: false, can loop: true, total filled: 75
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslResult
FINER: Handling SSL result: OK
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslHandshake
FINER: Handling SSL handshake: FINISHED
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.Way setIoState
FINER: InboundWay#setIoState: INTEREST
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.Way setIoState
FINER: OutboundWay#setIoState: IDLE
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.OutboundWay onDrain
FINER: 75 bytes written
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: 75 bytes drained from buffer at pre-processing, 0 remaining bytes
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Ending process of buffer java.nio.HeapByteBuffer[pos=0 lim=0 cap=16916], DRAINING, true. Result: 75, try again: true, can loop: false, total filled: 0
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslResult
FINER: Handling SSL result: OK
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslHandshake
FINER: Handling SSL handshake: NOT_HANDSHAKING
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.Way onSelected
FINER: Outbound way selected. Done for : IDLE, IDLE, java.nio.HeapByteBuffer[pos=0 lim=0 cap=16916], DRAINING, true
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController doRun
FINEST: helper.control()
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController doRun
FINEST: controlConnections()
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController controlConnection
FINEST: Connection status: OPEN | true | Interest= READ , Ready=NONE , Canceling=false | f4af1e[SSLEngine[hostname=null port=-1] TLS_DHE_RSA_WITH_AES_256_CBC_SHA] | null
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController controlConnection
FINEST: Connection status: OPEN | true | Interest= READ , Ready=READ , Canceling=false | 1d7f705[SSLEngine[hostname=null port=-1] TLS_DHE_RSA_WITH_AES_256_CBC_SHA] | null
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.Connection updateState
FINEST: Old connection NIO interest: Interest= READ , Ready=READ , Canceling=false
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.Connection updateState
FINEST: New connection NIO interest: Interest= READ , Ready=NONE , Canceling=false
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController doRun
FINEST: registerKeys()
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController doRun
FINEST: updateKeys()
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController doRun
FINEST: selectKeys(60000)
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController selectKeys
FINER: NIO controller about to sleep 60000 ms, selecting among 3 keys...
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController selectKeys
FINER: NIO controller selected 1 key(s) !
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController onSelected
FINEST: NIO selection detected for key: Interest= READ , Ready=NONE , Canceling=false
さらに数行後、よく知られている例外がスローされます。
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
at org.restlet.ext.ssl.internal.SslConnection.getSslClientCertificates(SslConnection.java:186)
at org.restlet.ext.ssl.internal.HttpsInboundRequest.<init>(HttpsInboundRequest.java:71)
at org.restlet.ext.ssl.HttpsServerHelper.createRequest(HttpsServerHelper.java:129)
at org.restlet.engine.connector.ServerInboundWay.readStartLine(ServerInboundWay.java:208)
at org.restlet.engine.connector.InboundWay.onDrain(InboundWay.java:249)
at org.restlet.engine.io.Buffer.process(Buffer.java:557)
at org.restlet.engine.connector.Way.processIoBuffer(Way.java:503)
at org.restlet.engine.connector.InboundWay.processIoBuffer(InboundWay.java:360)
at org.restlet.engine.connector.Way.onSelected(Way.java:456)
at org.restlet.util.SelectionRegistration.onSelected(SelectionRegistration.java:325)
at org.restlet.engine.connector.Connection.onSelected(Connection.java:612)
at org.restlet.util.SelectionRegistration.onSelected(SelectionRegistration.java:325)
at org.restlet.engine.connector.ConnectionController.onSelected(ConnectionController.java:219)
at org.restlet.engine.connector.ServerConnectionController.onSelected(ServerConnectionController.java:99)
at org.restlet.engine.connector.ConnectionController.selectKeys(ConnectionController.java:308)
at org.restlet.engine.connector.ConnectionController.doRun(ConnectionController.java:171)
at org.restlet.engine.connector.Controller.run(Controller.java:159)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
そして、サーバーは次のようないくつかのログ行で作業を続けているようです: FINER: Handling SSL handshake: NOT_HANDSHAKING
その後、通帳のiPhoneアプリ(通帳のWebサービスを目指しています)から接続しようとしたところ、サーバーが抜け出せないループに陥ってしまったようです。
ログ行の一部を次に示します。
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Ending process of buffer java.nio.HeapByteBuffer[pos=0 lim=16921 cap=16921], FILLING, true. Result: -1, try again: false, can loop: true, total filled: 0
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslResult
FINER: Handling SSL result: CLOSED
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.connector.Connection close
FINER: Closing connection to /83.235.173.2:19708 gracefully
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.connector.OutboundWay onDrain
FINER: -1 bytes written
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: -1 bytes drained from buffer at pre-processing, 0 remaining bytes
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Draining buffer java.nio.HeapByteBuffer[pos=0 lim=0 cap=16916], DRAINING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Filling buffer java.nio.HeapByteBuffer[pos=0 lim=16916 cap=16916], FILLING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Ending process of buffer java.nio.HeapByteBuffer[pos=0 lim=16916 cap=16916], FILLING, true. Result: -1, try again: false, can loop: true, total filled: 0
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslResult
FINER: Handling SSL result: OK
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslHandshake
FINER: Handling SSL handshake: NOT_HANDSHAKING
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.connector.Way onSelected
FINER: Outbound way selected. Done for : READY, IDLE, java.nio.HeapByteBuffer[pos=0 lim=16916 cap=16916], FILLING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.connector.Connection onSelected
FINEST: Entering into a connection READY loop
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.connector.Way onSelected
FINER: Processing IO for outbound way: READY, IDLE, java.nio.HeapByteBuffer[pos=0 lim=16916 cap=16916], FILLING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Beginning process of buffer java.nio.HeapByteBuffer[pos=0 lim=16916 cap=16916], FILLING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Beginning process of buffer java.nio.HeapByteBuffer[pos=0 lim=16921 cap=16921], FILLING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: 0 bytes drained from buffer at pre-processing, 16921 remaining bytes
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Filling buffer java.nio.HeapByteBuffer[pos=0 lim=16921 cap=16921], FILLING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.ext.ssl.internal.SslConnection setSslResult
FINER: SSL engine result: Status = CLOSED HandshakeStatus = NOT_HANDSHAKING
そして、このループは無限にあるようです。また、CPU 負荷が 100% に達します。