This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours

Bug 612137

Summary: RFE: JBoss plugin - log details when SSL connection to CSP fails
Product: [Other] RHQ Project Reporter: Ondřej Žižka <ozizka>
Component: PluginsAssignee: Libor Zoubek <lzoubek>
Status: CLOSED NOTABUG QA Contact: Mike Foley <mfoley>
Severity: low Docs Contact:
Priority: low    
Version: 1.3.1CC: jshaughn, theute
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-30 04:04:09 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 678340    

Description Ondřej Žižka 2010-07-07 08:07:17 EDT
It can happen that the used JVM does not have SSL certificates needed to connect to CSP server. It would be nice if JON provided a hint what's wrong.

E.g. When clicking the "TEST" button of a JBoss patch source, JON only says "Failed the attempt to connect to the remote repository for ... Check the configuration and make sure the remote repository is up."

A message such as "Failed connect - unable to find an appropriate SSL key for ..." would be much better.

Is that possible?
Comment 1 Ondřej Žižka 2010-07-07 08:09:14 EDT
Even the debug levels are not much useful for this:

2010-07-07 14:01:13,773 DEBUG [org.apache.commons.httpclient.HttpConnection] Open connection to access.stage.redhat.com:443
2010-07-07 14:01:13,950 DEBUG [httpclient.wire.header] >> "GET /jbossnetwork/restricted/feed/software.html?product=all&downloadType=all&flavor=rss&version=&jonVersion=2.0 HTTP/1.1[\r][\n]"
2010-07-07 14:01:13,950 DEBUG [org.apache.commons.httpclient.HttpMethodBase] Adding Host request header
2010-07-07 14:01:13,950 DEBUG [httpclient.wire.header] >> "User-Agent: Jakarta Commons-HttpClient/3.0.1[\r][\n]"
2010-07-07 14:01:13,950 DEBUG [httpclient.wire.header] >> "Host: access.stage.redhat.com[\r][\n]"
2010-07-07 14:01:13,950 DEBUG [httpclient.wire.header] >> "[\r][\n]"
2010-07-07 14:01:14,155 DEBUG [org.apache.commons.httpclient.HttpMethodDirector] Closing the connection.
2010-07-07 14:01:14,155 DEBUG [org.apache.commons.httpclient.HttpMethodDirector] Method retry handler returned false. Automatic recovery will not be attempted
2010-07-07 14:01:14,155 DEBUG [org.apache.commons.httpclient.HttpConnection] Releasing connection back to connection manager.
2010-07-07 14:01:14,155 DEBUG [org.apache.commons.httpclient.HttpConnection] Releasing connection back to connection manager.
Comment 2 Ondřej Žižka 2010-07-07 08:20:17 EDT
Actually, synchronization attempt logs this information. So perhaps the exception handling could be just copied.

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        ...
        at org.apache.commons.httpclient.HttpClient.executeMethod(Unknown Source)
        at org.rhq.enterprise.server.plugins.jboss.software.JBossSoftwareContentSourceAdapter.retrieveRssDocument(JBossSoftwareContentSourceAdapter.java:203)
        at org.rhq.enterprise.server.plugins.jboss.software.JBossSoftwareContentSourceAdapter.synchronizePackages(JBossSoftwareContentSourceAdapter.java:120)
        ... 52 more
Comment 3 Jay Shaughnessy 2014-06-02 15:09:13 EDT
Libor, you mentioned doing something with CSP integration just today.  Please take this as a suggestion if it is at all relevant.  Please close this when you are done, or it it is not relevant.