I've a c application that uses a remote axis web service, when I connect to service using http protocol there is no problem, but when I want to use ssl, I can't call service operations & it just returns NULL.
here is part of my axis2.xml for client application:
<transportReceiver name="http" class="axis2_http_receiver">
<parameter name="port" locked="false">6060</parameter>
<parameter name="exposeHeaders" locked="true">false</parameter>
</transportReceiver>
<transportReceiver name="https" class="axis2_http_receiver">
<parameter name="port" locked="false">6060</parameter>
<parameter name="exposeHeaders" locked="true">false</parameter>
</transportReceiver>
<transportSender name="http" class="axis2_http_sender">
<parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
<parameter name="xml-declaration" insert="false"/>
<!--parameter name="Transfer-Encoding">chunked</parameter-->
<!--parameter name="HTTP-Authentication" username="" password="" locked="true"/-->
<!--parameter name="PROXY" proxy_host="127.0.0.1" proxy_port="8080" proxy_username="" proxy_password="" locked="true"/-->
</transportSender>
<transportSender name="https" class="axis2_http_sender">
<parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
<parameter name="xml-declaration" insert="false"/>
</transportSender>
is it any error with this configurations? do I need something more?
my server uses a self-signed certificate, can it cause the problem?
Another question is that if I want to enable client authentication, How can I pass required parameters (SERVER_CERT, KEY_FILE, SSL_PASSPHRASE) programmatically in my code (& not in axis2.xml)?
EDIT :
I succeed to connect to service via normal SSL (with no client authentication), but when I want to use client authentication, client fails with the following log:
[Sun Mar 16 12:49:10 2014] [info] Starting addressing out handler
[Sun Mar 16 12:49:10 2014] [debug] ..\..\src\modules\mod_addr\addr_out_handler.c(133) No action present. Stop processing addressing
[Sun Mar 16 12:49:10 2014] [debug] ..\..\src\core\transport\http\sender\http_transport_sender.c(246) ctx_epr:https://mysite.com/axis2/services/myService
[Sun Mar 16 12:49:10 2014] [debug] ..\..\src\core\transport\http\sender\http_transport_sender.c(805) using axis2 native http sender.
[Sun Mar 16 12:49:10 2014] [debug] ..\..\src\core\transport\http\sender\http_sender.c(416) msg_ctx_id:urn:uuid:fe18bf10-6611-4af9-85f6-b062bd7eb231
[Sun Mar 16 12:49:14 2014] [debug] ..\..\src\core\transport\http\sender\http_client.c(571) http client , response timed out
[Sun Mar 16 12:49:14 2014] [error] ..\..\src\core\transport\http\sender\http_client.c(574) Response timed out
[Sun Mar 16 12:49:14 2014] [error] ..\..\src\core\transport\http\sender\http_sender.c(1381) status_code < 0
[Sun Mar 16 12:49:14 2014] [error] ..\..\src\core\engine\engine.c(179) Transport sender invoke failed
It was in fact a server side problem that occurred in Apache SSL engine! When I looked at apache error log, I saw following error:
[Sun Mar 16 13:33:43 2014] [error] SSL Library Error: 336068931 error:14080143:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled
According to mod_ssl documentation, this problem was because my axis libraries was build with old version of openssl:
If mod_ssl is linked against OpenSSL version 0.9.8m or later, by default renegotiation is only supported with clients supporting the new protocol extension. If this directive is enabled, renegotiation will be allowed with old (unpatched) clients, albeit insecurely.
So I just recompiled axis libraries with newer version of OpenSSL & everything is OK now!
Of course there is another unsafe solution that is adding following line to the virtual host section of Apache config file:
SSLInsecureRenegotiation ON
since enabling SSLInsecureRenegotiation can cause man in the middle attack, it is NOT a secure solution.