Is your feature request related to a problem? Please describe. In

ok, try this one: <a href="https://output.circle-artifacts.com/output/job/bf9907a6-221

Adding javax.net.ssl.SSLSocket and javax.net.ssl.SSLSocketFactory?,about babashka/babashka

Comments (33)

borkdude commented on May 24, 2024

I'll take a look on Monday

from babashka.

borkdude commented on May 24, 2024

Can you give a full standalone snippet of the usage, so I can write a test?

from babashka.

i-blis commented on May 24, 2024

Sure. Assuming a reverse echo SSL socket server running on localhost on port 4444 (see below), this should do:

(import [java.io BufferedWriter BufferedReader OutputStreamWriter InputStreamReader]
       [javax.net.ssl SSLSocket SSLSocketFactory]))

(let [server "localhost"
      port 4444
      socket (doto (.createSocket (SSLSocketFactory/getDefault) server port)
               .startHandshake)
      writer (BufferedWriter. (OutputStreamWriter. (.getOutputStream socket)))
      reader (BufferedReader. (InputStreamReader.  (.getInputStream socket)))        
      _ (do (.write writer "OK\n") (.flush writer))
      response (.readLine reader)
      _ (.close socket)]
  (= response "KO"))

This assumes a reverse echo server like the following one:

openssl req -subj "/C=GB" -x509 -nodes -days 365 -newkey rsa -keyout keyfile.key -out certfile.crt
openssl s_server -accept 4444 -rev -key keyfile.key -cert certfile.crt

For the handshake to succeed, the pem file should either be imported with keytool (which is how I test on my local machine) or loaded directly from the Clojure code. You could also test without the handshake, but that misses the point, I guess.

This is how I get the pemfile from the running server and import it for the JVM to know about it.

openssl s_client -showcerts -connect localhost:4444 </dev/null 2>/dev/null | openssl x509 -outform PEM > localhost.pem
$JAVA_HOME/bin/keytool -import -trustcacerts -file tmp/localhost.pem -alias localhost -keystore $JAVA_HOME/lib/security/cacerts

Probably not very convenient to implement a test. I may try to find a better idea, if necessary.

(By the way, I take the opportunity to thank you for all your great work with and around babashka).

from babashka.

borkdude commented on May 24, 2024

Which OS are you using? Then I can point you to a version that contains the above classes so you can test yourself.

from babashka.

borkdude commented on May 24, 2024

Thanks btw!

from babashka.

i-blis commented on May 24, 2024

I am using Mac OS (albeit an older one 10.13). I can test on Linux, if necessary.

(I forgot a (.flush writer) in the code above. Adding it now).

from babashka.

borkdude commented on May 24, 2024

m1 or intel?

from babashka.

i-blis commented on May 24, 2024

Intel. (You're welcome btw :))

from babashka.

borkdude commented on May 24, 2024

ok, try this one: https://output.circle-artifacts.com/output/job/bf9907a6-2219-4832-b071-53700d11d2e3/artifacts/0/release/babashka-1.3.189-SNAPSHOT-macos-amd64.tar.gz

from babashka.

i-blis commented on May 24, 2024

Oops. It was probably compiled for a newer version of MacOS. I run 10.13 (High Sierra).

 ./bb
dyld: cannot load 'bb' (load command 0x80000034 is unknown)
Abort trap: 6

Interestingly enough, I run a pretty recent version of babashka (v0.8.156). Meaning your default compilation pipeline targets my system.

from babashka.

borkdude commented on May 24, 2024

0.8.166 is from 2022-06-08, I wouldn't call that pretty recent :)

You can also test on linux x64:

https://output.circle-artifacts.com/output/job/4647417b-9777-42b1-bf14-0cd5a96efffe/artifacts/0/release/babashka-1.3.189-SNAPSHOT-linux-amd64.tar.gz

from babashka.

borkdude commented on May 24, 2024

The bb you just tried is compiled using xcode "15.2.0". I don't know how backward compatibility works on macos. I can try an older xcode and see if that works (https://circleci.com/docs/using-macos/#supported-xcode-versions-intel)

from babashka.

borkdude commented on May 24, 2024

@i-blis Please try this one for macOS, I compiled it using xcode 12.5.1, perhaps it helps:

https://output.circle-artifacts.com/output/job/9b113341-58be-4280-a57a-3be3ae6d3956/artifacts/0/release/babashka-1.3.189-SNAPSHOT-macos-amd64.tar.gz

from babashka.

i-blis commented on May 24, 2024

This one launches. Thanks.

from babashka.

borkdude commented on May 24, 2024

And does it also work for your program above?

from babashka.

i-blis commented on May 24, 2024

I got clojure.lang.ExceptionInfo: Method createSocket on class sun.security.ssl.SSLSocketFactoryImpl not allowed!.

(Please do not ruin your evening with it :))

EDIT whole stacktrace:

 at sci.impl.utils$rethrow_with_location_of_node.invokeStatic (utils.cljc:135)
    sci.impl.interpreter$eval_form.invokeStatic (interpreter.cljc:40)
    sci.core$eval_form.invokeStatic (core.cljc:344)
    babashka.nrepl.impl.server$eval_msg$fn__27804$fn__27805.invoke (server.clj:108)
    babashka.nrepl.impl.server$eval_msg$fn__27804.invoke (server.clj:104)
    babashka.nrepl.impl.server$eval_msg.invokeStatic (server.clj:94)
    babashka.nrepl.impl.server$fn__27908.invokeStatic (server.clj:373)
    babashka.nrepl.impl.server/fn (server.clj:373)
    clojure.lang.MultiFn.invoke (MultiFn.java:239)
    babashka.nrepl.server.middleware$default_process_msg.invokeStatic (middleware.clj:13)
    babashka.nrepl.server.middleware$wrap_process_message$fn__27974.invoke (middleware.clj:31)
    clojure.core$completing$fn__8528.invoke (core.clj:6931)
    clojure.core$map$fn__5931$fn__5932.invoke (core.clj:2759)
    babashka.nrepl.impl.server$session_loop.invokeStatic (server.clj:445)
    babashka.nrepl.impl.server$listen$fn__27958.invoke (server.clj:465)
    sci.impl.vars$binding_conveyor_fn$fn__440.invoke (vars.cljc:133)
    clojure.core$binding_conveyor_fn$fn__5823.invoke (core.clj:2047)
    clojure.lang.AFn.call (AFn.java:18)
    java.util.concurrent.FutureTask.run (FutureTask.java:317)
    java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
    java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
    java.lang.Thread.runWith (Thread.java:1596)
    java.lang.Thread.run (Thread.java:1583)
    com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine (PlatformThreads.java:833)
    com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine (PosixPlatformThreads.java:211)

from babashka.

borkdude commented on May 24, 2024

This is a solvable problem, hold on. (There might be other similar ones later on, but we'll get there).

from babashka.

borkdude commented on May 24, 2024

Try this one and report back: https://output.circle-artifacts.com/output/job/bb481147-ec43-4f0c-896f-9a5008679897/artifacts/0/release/babashka-1.3.189-SNAPSHOT-macos-amd64.tar.gz

from babashka.

i-blis commented on May 24, 2024

(There might be other similar ones later on, but we'll get there).

Indeed :) :

clojure.lang.ExceptionInfo: startHandshake
{:type :sci/error, :line 1, :column 1, :message "startHandshake", :sci.impl/callstack #object[clojure.lang.Volatile 0x1ce51795 {:status :ready, :val ({:line 1, :column 1, :ns #object[sci.lang.Namespace 0x75e24969 "sslsocket"], :file "/Users/fra/notes/scraps/ssl_socket.clj", :special true})}], :file "/Users/fra/notes/scraps/ssl_socket.clj"}
 at sci.impl.utils$rethrow_with_location_of_node.invokeStatic (utils.cljc:135)
    sci.impl.interpreter$eval_form.invokeStatic (interpreter.cljc:40)
    sci.core$eval_form.invokeStatic (core.cljc:344)
    babashka.nrepl.impl.server$eval_msg$fn__27804$fn__27805.invoke (server.clj:108)
    babashka.nrepl.impl.server$eval_msg$fn__27804.invoke (server.clj:104)
    babashka.nrepl.impl.server$eval_msg.invokeStatic (server.clj:94)
    babashka.nrepl.impl.server$fn__27908.invokeStatic (server.clj:373)
    babashka.nrepl.impl.server/fn (server.clj:373)
    clojure.lang.MultiFn.invoke (MultiFn.java:239)
    babashka.nrepl.server.middleware$default_process_msg.invokeStatic (middleware.clj:13)
    babashka.nrepl.server.middleware$wrap_process_message$fn__27974.invoke (middleware.clj:31)
    clojure.core$completing$fn__8528.invoke (core.clj:6931)
    clojure.core$map$fn__5931$fn__5932.invoke (core.clj:2759)
    babashka.nrepl.impl.server$session_loop.invokeStatic (server.clj:445)
    babashka.nrepl.impl.server$listen$fn__27958.invoke (server.clj:465)
    sci.impl.vars$binding_conveyor_fn$fn__440.invoke (vars.cljc:133)
    clojure.core$binding_conveyor_fn$fn__5823.invoke (core.clj:2047)
    clojure.lang.AFn.call (AFn.java:18)
    java.util.concurrent.FutureTask.run (FutureTask.java:317)
    java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
    java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
    java.lang.Thread.runWith (Thread.java:1596)
    java.lang.Thread.run (Thread.java:1583)
    com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine (PlatformThreads.java:833)
    com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine (PosixPlatformThreads.java:211)
Caused by: java.lang.NoSuchFieldException: startHandshake
 at java.lang.Class.checkField (DynamicHub.java:1041)
    java.lang.Class.getField (DynamicHub.java:1026)
    sci.impl.interop$invoke_instance_field.invokeStatic (interop.cljc:20)
    sci.impl.interop$invoke_instance_method.invokeStatic (interop.cljc:49)
    sci.impl.evaluator$eval_instance_method_invocation.invokeStatic (evaluator.cljc:155)
    sci.impl.analyzer$analyze_dot$reify__4345.eval (analyzer.cljc:1055)
    sci.impl.analyzer$return_do$reify__3979.eval (analyzer.cljc:130)
    sci.impl.analyzer$analyze_let_STAR_$reify__4234.eval (analyzer.cljc:627)
    sci.impl.analyzer$analyze_let_STAR_$reify__4242.eval (analyzer.cljc:689)
    sci.impl.interpreter$eval_form.invokeStatic (interpreter.cljc:40)
    sci.core$eval_form.invokeStatic (core.cljc:344)
    babashka.nrepl.impl.server$eval_msg$fn__27804$fn__27805.invoke (server.clj:108)
    babashka.nrepl.impl.server$eval_msg$fn__27804.invoke (server.clj:104)
    babashka.nrepl.impl.server$eval_msg.invokeStatic (server.clj:94)
    babashka.nrepl.impl.server$fn__27908.invokeStatic (server.clj:373)
    babashka.nrepl.impl.server/fn (server.clj:373)
    clojure.lang.MultiFn.invoke (MultiFn.java:239)
    babashka.nrepl.server.middleware$default_process_msg.invokeStatic (middleware.clj:13)
    babashka.nrepl.server.middleware$wrap_process_message$fn__27974.invoke (middleware.clj:31)
    clojure.core$completing$fn__8528.invoke (core.clj:6931)
    clojure.core$map$fn__5931$fn__5932.invoke (core.clj:2759)
    babashka.nrepl.impl.server$session_loop.invokeStatic (server.clj:445)
    babashka.nrepl.impl.server$listen$fn__27958.invoke (server.clj:465)
    sci.impl.vars$binding_conveyor_fn$fn__440.invoke (vars.cljc:133)
    clojure.core$binding_conveyor_fn$fn__5823.invoke (core.clj:2047)
    clojure.lang.AFn.call (AFn.java:18)
    java.util.concurrent.FutureTask.run (FutureTask.java:317)
    java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
    java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
    java.lang.Thread.runWith (Thread.java:1596)
    java.lang.Thread.run (Thread.java:1583)
    com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine (PlatformThreads.java:833)
    com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine (PosixPlatformThreads.java:211)

(I realise now that I have been running a pretty old version of babashka on my home computer. Time to break the piggy bank in order to buy a new machine and update the OS!).

from babashka.

borkdude commented on May 24, 2024

Try writing (doto ... (.startHandshake))

from babashka.

i-blis commented on May 24, 2024

Same exception :(

from babashka.

borkdude commented on May 24, 2024

Can you do (prn (class ...)) instead of (doto ...) to see which class this is?

from babashka.

i-blis commented on May 24, 2024

Sure: sun.security.ssl.SSLSocketImpl

from babashka.

borkdude commented on May 24, 2024

OK, will post another version tomorrow.

from babashka.

i-blis commented on May 24, 2024

Thanks again.

from babashka.

borkdude commented on May 24, 2024

Try this one and please report back:

https://output.circle-artifacts.com/output/job/76e3230b-2a61-4856-ab6e-4ae4b0441401/artifacts/0/release/babashka-1.3.189-SNAPSHOT-macos-amd64.tar.gz

from babashka.

i-blis commented on May 24, 2024

Thanks.

Now throws clojure.lang.ExceptionInfo: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 at sun.security.ssl.Alert.createSSLException (Alert.java:130)
    sun.security.ssl.TransportContext.fatal (TransportContext.java:378)
    sun.security.ssl.TransportContext.fatal (TransportContext.java:321)
    sun.security.ssl.TransportContext.fatal (TransportContext.java:316)
    sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts (CertificateMessage.java:1318)
    sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate (CertificateMessage.java:1195)
    sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume (CertificateMessage.java:1138)
    sun.security.ssl.SSLHandshake.consume (SSLHandshake.java:393)
    sun.security.ssl.HandshakeContext.dispatch (HandshakeContext.java:476)
    sun.security.ssl.HandshakeContext.dispatch (HandshakeContext.java:447)
    sun.security.ssl.TransportContext.dispatch (TransportContext.java:201)
    sun.security.ssl.SSLTransport.decode (SSLTransport.java:172)
    sun.security.ssl.SSLSocketImpl.decode (SSLSocketImpl.java:1506)
    sun.security.ssl.SSLSocketImpl.readHandshakeRecord (SSLSocketImpl.java:1421)
    sun.security.ssl.SSLSocketImpl.startHandshake (SSLSocketImpl.java:455)
    sun.security.ssl.SSLSocketImpl.startHandshake (SSLSocketImpl.java:426)
    java.lang.reflect.Method.invoke (Method.java:580)
    sci.impl.Reflector.invokeMatchingMethod (Reflector.java:172)
    sci.impl.interop$invoke_instance_method.invokeStatic (interop.cljc:56)
    sci.impl.evaluator$eval_instance_method_invocation.invokeStatic (evaluator.cljc:155)
    sci.impl.analyzer$analyze_dot$reify__4345.eval (analyzer.cljc:1055)
    sci.impl.analyzer$return_do$reify__3979.eval (analyzer.cljc:130)
    sci.impl.analyzer$analyze_let_STAR_$reify__4234.eval (analyzer.cljc:627)
    sci.impl.analyzer$analyze_let_STAR_$reify__4242.eval (analyzer.cljc:689)
    sci.impl.interpreter$eval_form.invokeStatic (interpreter.cljc:40)
    sci.core$eval_form.invokeStatic (core.cljc:344)
    babashka.nrepl.impl.server$eval_msg$fn__27804$fn__27805.invoke (server.clj:108)
    babashka.nrepl.impl.server$eval_msg$fn__27804.invoke (server.clj:104)
    babashka.nrepl.impl.server$eval_msg.invokeStatic (server.clj:94)
    babashka.nrepl.impl.server$fn__27908.invokeStatic (server.clj:373)
    babashka.nrepl.impl.server/fn (server.clj:373)
    clojure.lang.MultiFn.invoke (MultiFn.java:239)
    babashka.nrepl.server.middleware$default_process_msg.invokeStatic (middleware.clj:13)
    babashka.nrepl.server.middleware$wrap_process_message$fn__27974.invoke (middleware.clj:31)
    clojure.core$completing$fn__8528.invoke (core.clj:6931)
    clojure.core$map$fn__5931$fn__5932.invoke (core.clj:2759)
    babashka.nrepl.impl.server$session_loop.invokeStatic (server.clj:445)
    babashka.nrepl.impl.server$listen$fn__27958.invoke (server.clj:465)
    sci.impl.vars$binding_conveyor_fn$fn__440.invoke (vars.cljc:133)
    clojure.core$binding_conveyor_fn$fn__5823.invoke (core.clj:2047)
    clojure.lang.AFn.call (AFn.java:18)
    java.util.concurrent.FutureTask.run (FutureTask.java:317)
    java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
    java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
    java.lang.Thread.runWith (Thread.java:1596)
    java.lang.Thread.run (Thread.java:1583)
    com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine (PlatformThreads.java:833)
    com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine (PosixPlatformThreads.java:211)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild (PKIXValidator.java:388)
    sun.security.validator.PKIXValidator.engineValidate (PKIXValidator.java:271)
    sun.security.validator.Validator.validate (Validator.java:256)
    sun.security.ssl.X509TrustManagerImpl.checkTrusted (X509TrustManagerImpl.java:230)
    sun.security.ssl.X509TrustManagerImpl.checkServerTrusted (X509TrustManagerImpl.java:132)
    sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts (CertificateMessage.java:1302)
    sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate (CertificateMessage.java:1195)
    sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume (CertificateMessage.java:1138)
    sun.security.ssl.SSLHandshake.consume (SSLHandshake.java:393)
    sun.security.ssl.HandshakeContext.dispatch (HandshakeContext.java:476)
    sun.security.ssl.HandshakeContext.dispatch (HandshakeContext.java:447)
    sun.security.ssl.TransportContext.dispatch (TransportContext.java:201)
    sun.security.ssl.SSLTransport.decode (SSLTransport.java:172)
    sun.security.ssl.SSLSocketImpl.decode (SSLSocketImpl.java:1506)
    sun.security.ssl.SSLSocketImpl.readHandshakeRecord (SSLSocketImpl.java:1421)
    sun.security.ssl.SSLSocketImpl.startHandshake (SSLSocketImpl.java:455)
    sun.security.ssl.SSLSocketImpl.startHandshake (SSLSocketImpl.java:426)
    java.lang.reflect.Method.invoke (Method.java:580)
    sci.impl.Reflector.invokeMatchingMethod (Reflector.java:172)
    sci.impl.interop$invoke_instance_method.invokeStatic (interop.cljc:56)
    sci.impl.evaluator$eval_instance_method_invocation.invokeStatic (evaluator.cljc:155)
    sci.impl.analyzer$analyze_dot$reify__4345.eval (analyzer.cljc:1055)
    sci.impl.analyzer$return_do$reify__3979.eval (analyzer.cljc:130)
    sci.impl.analyzer$analyze_let_STAR_$reify__4234.eval (analyzer.cljc:627)
    sci.impl.analyzer$analyze_let_STAR_$reify__4242.eval (analyzer.cljc:689)
    sci.impl.interpreter$eval_form.invokeStatic (interpreter.cljc:40)
    sci.core$eval_form.invokeStatic (core.cljc:344)
    babashka.nrepl.impl.server$eval_msg$fn__27804$fn__27805.invoke (server.clj:108)
    babashka.nrepl.impl.server$eval_msg$fn__27804.invoke (server.clj:104)
    babashka.nrepl.impl.server$eval_msg.invokeStatic (server.clj:94)
    babashka.nrepl.impl.server$fn__27908.invokeStatic (server.clj:373)
    babashka.nrepl.impl.server/fn (server.clj:373)
    clojure.lang.MultiFn.invoke (MultiFn.java:239)
    babashka.nrepl.server.middleware$default_process_msg.invokeStatic (middleware.clj:13)
    babashka.nrepl.server.middleware$wrap_process_message$fn__27974.invoke (middleware.clj:31)
    clojure.core$completing$fn__8528.invoke (core.clj:6931)
    clojure.core$map$fn__5931$fn__5932.invoke (core.clj:2759)
    babashka.nrepl.impl.server$session_loop.invokeStatic (server.clj:445)
    babashka.nrepl.impl.server$listen$fn__27958.invoke (server.clj:465)
    sci.impl.vars$binding_conveyor_fn$fn__440.invoke (vars.cljc:133)
    clojure.core$binding_conveyor_fn$fn__5823.invoke (core.clj:2047)
    clojure.lang.AFn.call (AFn.java:18)
    java.util.concurrent.FutureTask.run (FutureTask.java:317)
    java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
    java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
    java.lang.Thread.runWith (Thread.java:1596)
    java.lang.Thread.run (Thread.java:1583)
    com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine (PlatformThreads.java:833)
    com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine (PosixPlatformThreads.java:211)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.build (SunCertPathBuilder.java:148)
    sun.security.provider.certpath.SunCertPathBuilder.engineBuild (SunCertPathBuilder.java:129)
    java.security.cert.CertPathBuilder.build (CertPathBuilder.java:297)
    sun.security.validator.PKIXValidator.doBuild (PKIXValidator.java:383)
    sun.security.validator.PKIXValidator.engineValidate (PKIXValidator.java:271)
    sun.security.validator.Validator.validate (Validator.java:256)
    sun.security.ssl.X509TrustManagerImpl.checkTrusted (X509TrustManagerImpl.java:230)
    sun.security.ssl.X509TrustManagerImpl.checkServerTrusted (X509TrustManagerImpl.java:132)
    sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts (CertificateMessage.java:1302)
    sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate (CertificateMessage.java:1195)
    sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume (CertificateMessage.java:1138)
    sun.security.ssl.SSLHandshake.consume (SSLHandshake.java:393)
    sun.security.ssl.HandshakeContext.dispatch (HandshakeContext.java:476)
    sun.security.ssl.HandshakeContext.dispatch (HandshakeContext.java:447)
    sun.security.ssl.TransportContext.dispatch (TransportContext.java:201)
    sun.security.ssl.SSLTransport.decode (SSLTransport.java:172)
    sun.security.ssl.SSLSocketImpl.decode (SSLSocketImpl.java:1506)
    sun.security.ssl.SSLSocketImpl.readHandshakeRecord (SSLSocketImpl.java:1421)
    sun.security.ssl.SSLSocketImpl.startHandshake (SSLSocketImpl.java:455)
    sun.security.ssl.SSLSocketImpl.startHandshake (SSLSocketImpl.java:426)
    java.lang.reflect.Method.invoke (Method.java:580)
    sci.impl.Reflector.invokeMatchingMethod (Reflector.java:172)
    sci.impl.interop$invoke_instance_method.invokeStatic (interop.cljc:56)
    sci.impl.evaluator$eval_instance_method_invocation.invokeStatic (evaluator.cljc:155)
    sci.impl.analyzer$analyze_dot$reify__4345.eval (analyzer.cljc:1055)
    sci.impl.analyzer$return_do$reify__3979.eval (analyzer.cljc:130)
    sci.impl.analyzer$analyze_let_STAR_$reify__4234.eval (analyzer.cljc:627)
    sci.impl.analyzer$analyze_let_STAR_$reify__4242.eval (analyzer.cljc:689)
    sci.impl.interpreter$eval_form.invokeStatic (interpreter.cljc:40)
    sci.core$eval_form.invokeStatic (core.cljc:344)
    babashka.nrepl.impl.server$eval_msg$fn__27804$fn__27805.invoke (server.clj:108)
    babashka.nrepl.impl.server$eval_msg$fn__27804.invoke (server.clj:104)
    babashka.nrepl.impl.server$eval_msg.invokeStatic (server.clj:94)
    babashka.nrepl.impl.server$fn__27908.invokeStatic (server.clj:373)
    babashka.nrepl.impl.server/fn (server.clj:373)
    clojure.lang.MultiFn.invoke (MultiFn.java:239)
    babashka.nrepl.server.middleware$default_process_msg.invokeStatic (middleware.clj:13)
    babashka.nrepl.server.middleware$wrap_process_message$fn__27974.invoke (middleware.clj:31)
    clojure.core$completing$fn__8528.invoke (core.clj:6931)
    clojure.core$map$fn__5931$fn__5932.invoke (core.clj:2759)
    babashka.nrepl.impl.server$session_loop.invokeStatic (server.clj:445)
    babashka.nrepl.impl.server$listen$fn__27958.invoke (server.clj:465)
    sci.impl.vars$binding_conveyor_fn$fn__440.invoke (vars.cljc:133)
    clojure.core$binding_conveyor_fn$fn__5823.invoke (core.clj:2047)
    clojure.lang.AFn.call (AFn.java:18)
    java.util.concurrent.FutureTask.run (FutureTask.java:317)
    java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
    java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
    java.lang.Thread.runWith (Thread.java:1596)
    java.lang.Thread.run (Thread.java:1583)
    com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine (PlatformThreads.java:833)
    com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine (PosixPlatformThreads.java:211)

from babashka.

borkdude commented on May 24, 2024

Try recommendations from this page:

https://www.graalvm.org/latest/reference-manual/native-image/dynamic-features/CertificateManagement/

from babashka.

i-blis commented on May 24, 2024

Looks good (1) and still-not-there (2).

When testing against a production IMAP server (as shown below) does not throw any exception and connects.

(let [{:keys [host port ssl]} config
      context (doto (SSLContext/getInstance "TLSv1.2")
                (.init nil nil (java.security.SecureRandom.)))
      factory (.getSocketFactory context)
      socket (.createSocket factory host port)
      _ (.startHandshake socket)]
  (-> socket .isConnected))
;; => true

or, equivalently (setting TLS just for the given instance as we did before),

(let [{:keys [host port ssl]} config
      socket (doto (.createSocket (SSLSocketFactory/getDefault) host port)
               (.setEnabledProtocols (into-array String ["TLSv1.2"]))
               (.startHandshake))]
  (-> socket .isConnected))
;; => true

But when testing against the test reverse echo openssl server, it throws, even after I set the javax.net.ssl.trustStore property.

(System/setProperty
 "javax.net.ssl.trustStore"
 "/Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/lib/security/cacerts")

from babashka.

borkdude commented on May 24, 2024

Maybe it helps when doing on the command line:

bb -Djavax.net.ssl.trustStore=...

from babashka.

borkdude commented on May 24, 2024

@i-blis I would merge what I have in the branch if this is useful to you, or else I'll wait a bit. I want to do a new release on Thursday probably.

from babashka.

i-blis commented on May 24, 2024

Thanks for the command line option, I did not think of it. Unsurprisingly, it doesn't change much.

All in all I am very happy with how it works at the moment. I could connect to two IMAP servers over SSL (TLS v1.2 and v1.3) and a custom raw bytes SSL socket running in our lab. It is seems to work pretty well. I am confident it could be useful to others.

I couldn't figure out the problem with the test openssl server. Encryption is hard, as they say.

Thanks again a lot for your reactivity.

from babashka.

i-blis commented on May 24, 2024

As far as I am concerned, you could very well close the issue. It works as expected in real use cases. We even got an up-to-date build that works on MacOS 10.13, as a bonus. Thanks again for your patience and all.

from babashka.

Adding javax.net.ssl.SSLSocket and javax.net.ssl.SSLSocketFactory? about babashka HOT 33 CLOSED

Comments (33)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent