Announcement

Collapse
No announcement yet.

Could not convert socket to TLS

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Could not convert socket to TLS

    Hy@everybody,

    Since approximately 2 weeks our UberSVN-Server is not able to send a mail ("Could not send email: Could not convert socket to TLS"). The setup was never change and had always worked well.

    I found a similar thread (sorry for reposting but no one answered my question) in this forum but we could not get it to work!

    I tried to reproduce the step from post 03-29-2012, 06:12 PM in this thread but i have some troubles.

    What works for now:
    -) We have successfully created a uber_keystore-file from our *.cer-file with our own password

    What does not work:
    -) We are not able to add the -Djavax.net.ssl.trustStore=C:/ubersvn/conf/uber_keystore to JAVA_OPTS because we can not find the C:/ubersvn/bin/ubersvncontrol file.
    -) The kesystore file is encrypted by a password (keytool.exe force to you a password) -where to set the password that ubersvn now how to decrypt it??

    My UberSVN-system:
    OS: Win 2008 R2 Server x64
    UberSVN-Version:12.4-9777 - SVN 1.7

    So can anybody help me? It is a very big problem for us!

    Thanks in advance
    Greetings
    Mike

  • #2
    Has nobody at WanDisco an solution for my problem?

    Comment


    • #3
      It works differently on Windows (unsurprisingly.) The Java options are stored in the registry, so you will have to edit the service.bat file and reinstall the service by calling service.bat remove and then service.bat install

      Comment


      • #4
        I'm having a similar problem as MikeA. I'm running on Windows 7, UberSVN:12.7-0693 SVN - 1.7

        I get the same email error: Could not convert socket to TLS

        Could someone clarify exactly where in the service.bat file the above code should go? Here is the service.bat contents for reference:

        Code:
        @echo off
        
        if "%OS%" == "Windows_NT" setlocal
        
        set "CURRENT_DIR=%cd%"
        set "CATALINA_HOME=%cd%"
        if exist "%CATALINA_HOME%\bin\tomcat6.exe" goto okHome
        cd ..
        set "CATALINA_HOME=%cd%"
        :gotHome
        if exist "%CATALINA_HOME%\bin\tomcat6.exe" goto okHome
        echo The tomcat.exe was not found...
        echo The CATALINA_HOME environment variable is not defined correctly.
        echo This environment variable is needed to run this program
        goto end
        rem Make sure prerequisite environment variables are set
        if not "%JAVA_HOME%" == "" goto okHome
        echo The JAVA_HOME environment variable is not defined
        echo This environment variable is needed to run this program
        goto end 
        :okHome
        if not "%CATALINA_BASE%" == "" goto gotBase
        set "CATALINA_BASE=%CATALINA_HOME%"
        :gotBase
         
        set "EXECUTABLE=%CATALINA_HOME%\bin\tomcat6.exe"
        set "JAVA_HOME=%CATALINA_BASE%\..\jre"
        
        rem Set default Service name
        set SERVICE_NAME=uberSVNportal
        set PR_DISPLAYNAME=WANdisco uberSVN Portal
        
        if "%1" == "" goto displayUsage
        if "%2" == "" goto setServiceName
        set SERVICE_NAME=%2
        set PR_DISPLAYNAME=Apache Tomcat %2
        :setServiceName
        if %1 == install goto doInstall
        if %1 == remove goto doRemove
        if %1 == uninstall goto doRemove
        echo Unknown parameter "%1"
        :displayUsage
        echo.
        echo Usage: service.bat install/remove [service_name]
        goto end
        
        :doRemove
        rem Remove the service
        "%EXECUTABLE%" //DS//%SERVICE_NAME%
        echo The service '%SERVICE_NAME%' has been removed
        goto end
        
        :doInstall
        rem Install the service
        echo Installing the service '%SERVICE_NAME%' ...
        echo Using CATALINA_HOME:    "%CATALINA_HOME%"
        echo Using CATALINA_BASE:    "%CATALINA_BASE%"
        echo Using JAVA_HOME:        "%JAVA_HOME%"
        
        rem Use the environment variables as an example
        rem Each command line option is prefixed with PR_
        
        set PR_DESCRIPTION=WANdisco uberSVN Portal
        set "PR_INSTALL=%EXECUTABLE%"
        set "PR_LOGPATH=%CATALINA_BASE%\..\data\logs"
        set "PR_CLASSPATH=%CATALINA_BASE%\bin\tomcat-juli.jar;%CATALINA_HOME%\bin\tomcat-juli.jar;%CATALINA_HOME%\bin\bootstrap.jar"
        rem Set the server jvm from JAVA_HOME
        set "PR_JVM=%JAVA_HOME%\bin\server\jvm.dll"
        if exist "%PR_JVM%" goto foundJvm
        rem Set the client jvm from JAVA_HOME
        set "PR_JVM=%JAVA_HOME%\bin\client\jvm.dll"
        if exist "%PR_JVM%" goto foundJvm
        set PR_JVM=auto
        :foundJvm
        echo Using JVM:              "%PR_JVM%"
        "%EXECUTABLE%" //IS//%SERVICE_NAME% --StartClass org.apache.catalina.startup.Bootstrap --StopClass org.apache.catalina.startup.Bootstrap --StartParams start --StopParams stop
        if not errorlevel 1 goto installed
        echo Failed installing '%SERVICE_NAME%' service
        goto end
        :installed
        rem Clear the environment variables. They are not needed any more.
        set PR_DISPLAYNAME=
        set PR_DESCRIPTION=
        set PR_INSTALL=
        set PR_LOGPATH=
        set PR_CLASSPATH=
        set PR_JVM=
        rem Set extra parameters
        "%EXECUTABLE%" //US//%SERVICE_NAME% --JvmOptions "-Dcatalina.base=%CATALINA_BASE%;-Dcatalina.home=%CATALINA_HOME%;-Djava.endorsed.dirs=%CATALINA_HOME%\endorsed" --StartMode jvm --StopMode jvm
        rem More extra parameters
        set "PR_LOGPATH=%CATALINA_BASE%\..\data\logs"
        set PR_STDOUTPUT=auto
        set PR_STDERROR=auto
        "%EXECUTABLE%" //US//%SERVICE_NAME% ++JvmOptions "-Djava.io.tmpdir=%CATALINA_BASE%\temp;-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager;-Djava.util.logging.config.file=%CATALINA_BASE%\conf\logging.properties;-Dfile.encoding=UTF-8;-XX:MaxPermSize=256m" --JvmMs 128 --JvmMx 1024
        echo The service '%SERVICE_NAME%' has been installed.
        
        :end
        cd "%CURRENT_DIR%"

        I've tried the following:

        Line 89
        Code:
        "%EXECUTABLE%" //US//%SERVICE_NAME% --JvmOptions "-Dcatalina.base=%CATALINA_BASE%;-Dcatalina.home=%CATALINA_HOME%;-Djava.endorsed.dirs=%CATALINA_HOME%\endorsed;-Djavax.net.ssl.trustStore=%CATALINA_BASE%\conf\uber_keystore;-Djavax.net.ssl.trustStorePassword=pringles" --StartMode jvm
        or

        Line 94
        Code:
        "%EXECUTABLE%" //US//%SERVICE_NAME% ++JvmOptions "-Djava.io.tmpdir=%CATALINA_BASE%\temp;-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager;-Djava.util.logging.config.file=%CATALINA_BASE%\conf\logging.properties;-Dfile.encoding=UTF-8;-XX:MaxPermSize=256m;-Djavax.net.ssl.trustStore=%CATALINA_BASE%\conf\uber_keystore;-Djavax.net.ssl.trustStorePassword=pringles" --JvmMs 128 --JvmMx 1024

        But when I've tried these options, I get issues with uberSVN portal. See this thread: http://www.svnforum.org/threads/4187...do-not-display
        Thanks!
        Austin
        Last edited by austinm; 08-31-2012, 06:18 PM.

        Comment


        • #5
          Hi Austin - now that the tab display issue is fixed are you still experiencing the same problems? Just trying to remove the dependencies a little here so we can see what the actual issues are.

          Thanks,
          Rich

          Comment


          • #6
            Originally posted by austinm View Post
            But when I've tried these options, I get issues with uberSVN portal. See this thread: http://www.svnforum.org/threads/4187...do-not-display
            Specifying a truststore in this way overrides the built-in Java truststore called "cacerts." If SSL breaks in other parts of the product it probably means that your truststore only has your certificate in it when you also need the ones from the built-in Java cacerts truststore.

            I would try creating the truststore with the -trustcacerts option passed into the keytool command.

            Just FYI, if you wanted to upgrade to the latest version of uberSVN, we now provide a place in the UI to specify your truststore so that you no longer have to mess about with your service.bat file, as shown in this screenshot:

            Comment


            • #7
              Hy austinm, hy mbooth,

              i have seen that you could fix the "Could not convert socket to TLS"-problem. I have tried to rebuild this steps but i can't fix it in my environment.

              What i have done:
              -) Getting a fresh certificate from our administrator (exchange.cer)
              -) Create a truststore with the keytool from UberSVN ( "C:\Programs\WANdisco\uberSVN\jre\bin\keytool" -importcert -alias MailServer -file "C:\CreateUberKeyStore\exchange.cer" -keystore "C:\Programs\WANdisco\uberSVN\conf\uber_keysto re" -trustcacerts )
              -) Use the new UI-possibility to add the trust store (see post #6 in this thread)

              At the moment i still get the "Could not convert socket to TLS" error - so what i'm doing wrong?

              I also tried to add the truststore in the settings.bat file but i get the same troubles like austinm (post #4)

              Please can you make a little step by step tutorial, that would be very nice

              Thanks in advance
              Greetings
              Mike

              Comment


              • #8
                Hi MikeA-

                If I recall correctly, I ended up importing my certificate to Java directly, via Control Panel. I'm sorry I don't recall the exact steps. This did enable uberSVN to send emails, but what I was really after was a detailed post-commit email, which I ended doing via the post-commit hook and "blat" email program.

                Comment


                • #9
                  Originally posted by mbooth View Post
                  Specifying a truststore in this way overrides the built-in Java truststore called "cacerts." If SSL breaks in other parts of the product it probably means that your truststore only has your certificate in it when you also need the ones from the built-in Java cacerts truststore.

                  I would try creating the truststore with the -trustcacerts option passed into the keytool command.

                  Just FYI, if you wanted to upgrade to the latest version of uberSVN, we now provide a place in the UI to specify your truststore so that you no longer have to mess about with your service.bat file, as shown in this screenshot:

                  I've created the truststore with my exchange certificate as well as the trustcacerts option, then specified it in the GUI.

                  I'm still unable to send emails.

                  Comment

                  Working...
                  X