Tunnel to establish an SSL connection inside a SSL connection
I have an application that establishes a SSL30Connection with a web proxy server. This connection is opened using the ConnectionFactory. To enable HTTPS through proxy web, trying to create an SSL connection to a website (for example google.com) that uses the proxy server of SSL connection as its "subConnection" (see javadocs for SSL30Connection). When I try to do, I find myself with an EOFException or a ConnectionClosedException.
I am aware of the workaround described here and have tried to use it, but still, the SSL connection to the remote server does not.
Does anyone know if this kind of functionality is supported by the BB? Is there a 3rd party API that could achieve this?
I open a topic in the RIM developer Issue Tracker as well:
https://www.BlackBerry.com/jira/browse/JAVAAPI-2179
Thank you.
It turns out that several things went wrong.
(1) the proxy has been close the connection after I read the response HTTP CONNECT. The fix for this consisted of two parts:
++ By adding a "Proxy-Connection: keep-alive" header.
+ Changing the way I read the answer. Before, I read the inputStream in 256 b pieces until Ihit-1. I changed it to simply read until I touched a line return character as the CONNECTION response is onlyone linelong.
After you make these changes, I was able to make a socket: / / connection to the proxy and then do a ssl: / / to the remote server with the proxy as subConnection of ssl connection. However, when I tried to do a ssl: / / connection to the server, I always got the EOFException at the opening of the ssl: / / connection to the remote server. Then, like Santa himself immersed in to give me a Christmas gift at the beginning... I remembered that I had met problems with ssl: / / connections before; specifically, to write data to an ssl: / / OutputStream of connection REQUIRES a call to OutputStream.flush (). If you don't flush, data is never written (or the buffer is really big... anyway, adding that a function flush() suits). Remember this problem led me to the last part of the solution to this problem.
(2) I wrapped the proxy ssl connection and its already open input and output stream in a class that looks like this:
public class ProxyStreamConnectionWrapper implements StreamConnection {
private StreamConnection stream;
private DataInputStream inputStream;
private DataOutputStream outputStream;
public ProxyStreamConnectionWrapper(StreamConnection stream, DataInputStream dataInputStream, DataOutputStream dataOutputStream) {
this.stream = stream;
this.inputStream = dataInputStream;
this.outputStream = dataOutputStream;
}
public DataInputStream openDataInputStream() throws IOException {
return inputStream;
}
public InputStream openInputStream() throws IOException {
return inputStream;
}
public void close() throws IOException {
stream.close();
}
public DataOutputStream openDataOutputStream() throws IOException {
return new DataOutputStream( openOutputStream() );
}
public OutputStream openOutputStream() throws IOException {
return new OutputStream() {
public void write( byte[] b, int off, int len ) throws IOException {
outputStream.write( b, off, len );
outputStream.flush();
}
public void write( byte[] b ) throws IOException {
outputStream.write( b );
outputStream.flush();
}
public void write( int b ) throws IOException {
outputStream.write( b );
outputStream.flush();
}
};
}
I got the idea of this wrapper from a previous post I already linked to above. The solution is in the openOutputStream() method. Adding the function flush() after each write the ssl handshake forces given the connection to the remote server ssl proxy server offline.
Merry Christmas!
Tags: BlackBerry Developers
Similar Questions
-
Hei guys,.
Please help me on this one because I'm stuck enough on her...
I am trying to connect to a Cisco 3700 router configured as a VPN server by using a VPN client and the VPN connection does not settle.
This is an extract from the log:
130 12:48:30.585 07/01/11 Sev = Info/5 IKE / 0 x 63000001
Peer supports XAUTH
131 12:48:30.585 07/01/11 Sev = WARNING/3 IKE/0xE3000057
The HASH payload received cannot be verified
132 12:48:30.600 07/01/11 Sev = WARNING/2 IKE/0xE300007E
Failed the hash check... may be configured with password invalid group.
133 12:48:30.600 07/01/11 Sev = WARNING/2 IKE/0xE300009B
Impossible to authenticate peers (Navigator: 904)
134 12:48:30.600 07/01/11 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK INFO (NOTIFY: INVALID_HASH_INFO) for 200.100.50.173I enclose the whole journal extract... The message "BOLD" is quite obvious, you mean, but I'm 100% sure, in the login entry, I typed correctly the group password: pass
My topology is very basic, as I am setting this up only to get a clue of the operation of the Cisco VPN. It is built in GNS3:
-2 3700 routers: one of them holds the configuration of the VPN server and the other would be the ISP through which the remote worker would try to establish a VPN connection. I am also attaching the configuration file for the router configured as a VPN router.Behind the second router there is a virtual XP machine on which I have installed VPN client...
My connection entry in the customer is to have the following parameters:
Host: 200.100.50.173 , //which is the IP address of the VPNServer
Authentication-> authentication-> name group: grup1 password: pass / / I'm quite positive that I typed the correct password... even if the log messages are linked to a misidentification.I use public addresses only, because I noticed there is a question about behind the NAT VPN connections and is not not very familiar to the NAT.
Another aspect which can be of any importance is that "allow Tunneling of Transport" in the tab Transport to the input connection is disabled
and the VPNServer router logs the following error message when you try to establish the connection:
* 01:08:47.147 Mar 1: % CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE 200.100.50.34 package was not encrypted and it should have been.
* 01:08:47.151 Mar 1: % CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE 200.100.50.34 package was not encrypted and it should have been.You have no idea why I can't connect? Y at - it something wrong with my configuration of VPN server... or with the connection entry in the VPN client?
Thank you
Iulia
Depending on the configuration of the router, the group name is grup1 and the password is baby.
You also lack the ipsec processing game that you would need to apply to the dynamic map.
Here is an example configuration for your reference:
http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a0080235197.shtml
Hope that helps.
-
Safari is unable to establish a secure connection
More get, "Cannot open page" in Safari "...". because Safari is unable to establish a secure connection... ' Just happened with a page on the site of the City Government. All I can do to fix this. MBP3, 1, OS X 10.8.5, Safari 6.2.8
Is the time within 5 minutes or less than the exact time? Otherwise, no secure connections.
-
Bug Safari: could not establish a secure connection & search bar problem
I'm hosting a server wiki on one of my macs and he got a self-signed certificate (the one generated by the server application). Since a few days ago (10.11.3 upgrade could be the culprit), Safari cannot establish a secure connection, no more. Oddly enough, this kind of coincide with the search box issue as well, which has been documented elsewhere.
I checked, the certificate is marked as "always trust" in my keychain. I can access the wiki perfectly in Firefox for example.
What a paradox, that I have to use third party software to access a software solution Apple...?
Please let me know if you have had the same problems and if you managed to solve it.
Thank you
HE'S
Hey! Take a look at this. This temporary has helped a number of users here. Over time, everything should be resolved then wait for a while.
A possible solution to the problem of address bar: disable the Safari Suggestions
If you have problems to open Web pages, take a look at these techniques proposed by Apple of troubleshooting.
https://support.Apple.com/en-us/HT204098
Go to the Safari menu (at the top right of your screen next to the Apple icon), choose 'Quit Safari'
Press the "Shift" key and while holding this button on your unique keyboard, click the icon of Safari on your Dock.
Open Safari - Preferences - Privacy - data to remove any Web site.
Open the menu to go with the Option (Alt) key - library - key locate Safari folder and place it on your desktop. Restart your Mac, open Safari and delete the file from your desktop.
Also, try the following steps:
Restart your Mac.
Try to start:
-Stop your Mac
-Wait until your computer turns off and after that press the power button
-Just after you hear the startup tone, press in and hold the SHIFT key
-Release the SHIFT key when you see a gray Apple sign and the progress under this sign bar
-Once your Mac boot, restart dhcpd as you usually do.
-
Original title: no local network connection
No links to the local area network connection. But how to use the Internet again, please help establish a LAN connection.
Hi H.mustafaakyurek,
· What operating system is installed on your computer?
You can view the following items on the creation of a network connection:
Setting up a network home
http://Windows.Microsoft.com/en-us/Windows7/setting-up-a-home-network
Start here to set up a home network in Windows 7
http://Windows.Microsoft.com/en-us/Windows7/start-here-to-set-up-a-home-network-in-Windows-7
Setting up a wireless network
http://Windows.Microsoft.com/en-us/Windows7/setting-up-a-wireless-network
Also see the following articles on the connection of an Internet connection:
What do I need to connect to the Internet?
http://Windows.Microsoft.com/en-us/Windows7/what-do-I-need-to-connect-to-the-Internet
Allows to connect to the Internet mobile broadband
http://Windows.Microsoft.com/en-us/Windows7/use-mobile-broadband-to-connect-to-the-Internet
Hope this information helps.
-
Hello
I connected two computers, one running on windows xp sp2 and others running on windows xp sp3 via com using RS232 port via link Modem DFM-562E ++.
I am able to dial numbers from a PC successfully.
But when I do a direct link between them (one as a host, the other guest) through the com port, I get error 777.
Is this because the two PC's using different service packs?
Help, please.
Thank you & best regards
RaviIt is not the service pack - although you should have installed sp3 now.
Your message is not clear: have you been able to connect successfully computers using your modem D-Link? How did you do that? Will there be a modem in the second computer?
What cable are you using to establish a direct connection between the com ports on both computers? If you have purchased this cable online, please provide a link to the site where you bought it.
Please describe the physical connection between the two computers. For example, this is how you connect to the Internet by dial-up services:
computer 1-{(9 broches) RS-232 serial port}-{RS-232 cable supplied with the modem}-{modem}-{phone cord (RJ-11 modular plugs at each end)}-{telephone wall jack}
-
I just loaded windows XP on my old tower. I have an ethernet cable connected to my modem, but I can't establish an internet connection.
You are welcome for the answer. You will need to use a cd/dvd drive or a removable media like a flash/USB device to transfer the file on the computer in question. You can download the LOM Broadcom 10/100 Ethernet controller driver from HERE.
-
Hello
We use the Microsoft Online Service in our office.
The user is confronted with the question by connecting to the Microsoft Online Service, it gives the error could not establish a secure connection t server. Please check if you have installed the required certificates.
The one you suggest to fix the problem
Thank you
Hello
Note that your computer is under domain, you must contact the technet forum, where we are the support technicians who are well equipped with knowledge on the issues of domain, do please visit the link provided below.http://social.technet.Microsoft.com/forums/en-us/category/MicrosoftOnlineServices
-
I'm tryng to connect wirelessly between my laptop and printer but I am unable to do so.
My laptop finds the printer and when I go to add the device I invite me to "Enter the WPS PIN code for your printer". So, I printed out the Configuration Page of the network and it gives me the "wi - fi direct password", which I suppose is the password that is required to establish that it connection (I may be wrong in my explanation). However, when I type the password on my laptop it does not establish the connection. I said "try to add the printer again, or check with the manufacturer for addiitonal installation instructions.
Any insght and assistance is greatly appreciated.
Thank you.
Hello
You should searh for your wifi network at home and connect your printer and the laptop to the network. Direct WiFi option is really only for configurations that do not have a modem/router.
You may need to disable the option Wireless directly on your printer to help the wireless configuration.
-
The message to dropbox who cannot establish a secure connection
Original title: could not establish a secure connection to Dropbox
Recently, my dropbox could not "establish a connection," citing error clock. The clock is accurate. Dropbox makes a connection secured in safe mode and updates. Until last week, it works beautifully. Have not installed new anything except the windows updates. What can I do?
Hello
Thanks for posting the question in the Microsoft Community!
You get a message with dropbox, it could not establish a secure connection.
1 did you do changes on the computer before the show other than the installation of the Windows updates?
2. what browser do you use?
I suggest you to visit:
https://www.dropbox.com/help/159/en
I hope this helps. If the problem persists, let know us and we would be happy to help you.
-
I have recently upgraded to windows 7 with a flash drive. Windows starts now in 30 seconds - which is a lot less time that it takes my router broadband (wired connection to my PC) to start and establish an internet connection.
If I switch both on the freezer, boot windows right now, Windows Live Mail will not download my emails from Hotmail, it gives me the error message I pasted below. It will not work until I have restart windows.If I wait until my router is initialized and has established a connection, then on windows startup, the emails work fine.If I have the error and then restart, then I can check my emails OK.It seems that if windows 7 can not detect an active internet connection when it starts, it initiates this error...Any ideas?Can't send or receive messages for the Hotmail account (Whitling2k).
Server error: 0 x 80048820Server: 'http://mail.services.live.com/DeltaSync_v2.0.0/Sync.aspx '.Windows Live Mail error ID: 0 x 80048820Your DHCP server on your router is. It assigns addresses on your local network. It must be up and current run when you start Windows or your PC will not get a valid IP address.
-
Groups of Tunnel by site to site connection VLAN?
On my ASA, which has been in production for a few years, there is IPEC tunnels sit-to-site Configuration.
Each client VPN IP of the interface is named, example:
Name the My_Router 192.168.1.1
And there is an IPSEC transform set configured for the name.
What is ' minutes wondering, there are also tunnel groups configured for each connection. The name of certain groups-tunnel is the IP address of the VPN client device. The name of the tunnel is simply a value of text, correct? Is the IP address that is used to name just a value and not anywhere else where the IP address is configured is requested? I need to change the IP address of one of these site-to-site VPNs and I'm worried because I don't know what role the tunnel groups or what is actually look at their requirements as it does not appear that anything else in the config uses tunnel-group name.
tunnel-group 192.168.1.1 type ipsec-l2l
IPSec-attributes tunnel-group 192.168.1.1
pre-shared key xxxxxx
Thanks for any help in this compensation for me!
-----------------
I did some further studies, it seems that all my groups of tunnel are related to my (default) DfltGrpPolicy.
It seems that the tunnel-groups do not do anything?
In general, the name of the tunnel-group should be the IP address of the remote peer if you use pre shared key. When an IPSec connection arrives, the ASA uses the IP address to find the good PSK. If the peer changes, you will need to reconfigure the tunnel-group.
You need not own transform-set for each connection. I only have usually two or three of them called ESP-AES256-SHA ESP-AES128-SHA and ESP-3DES-SHA. Names to describe what is in the set of transformation. They are then applied to all connections.
Default group policy is fine if you do not have special needs by connections as different VPN-filter.
Sent by Cisco Support technique iPad App
-
Problems with 9000 device establishing a socket connection?
Edit again: still a problem, see Update 2 to end...
My app works fine on 4.3 & 4.5, device and Simulator. Also works very well in the 4.6 Simulator. However, on the bold new we just acquired today, I can't do the blackberry establish a socket connection. As far as I can tell a call to Connector.open which has the form:
String connUrl = "socket://
: ;deviceside=true";StreamConnection sc = (StreamConnection) Connector.open(connUrl); .. will never return! I set breakpoints after him in the file and I get nothing. There is no sign of a connection through to the other end. I put a breakpoint on the line with Connector.open so I know is to be worn, but if I click on 'no more' control is never returned to the jde debugger.
I realize in Application 4.6 permissions have been moved around, but I've set manually the application has permission to connect to the internet. I tried to connect to a server, I know that the blackberry can access (e.g. www.google.com), I expect this to cause then an exception more than my application is obviously not HTTP... but nothing! No indication the Connector.open never call does not return. No exception seems also to be thrown, ControlledAccessException or other... can someone guess what might be happening here? It seems that it is a fundamental thing to do, I don't see what could have changed. My thread Manager program is still running behind all that (I see his messages to regular use of ram) isn't as all users of the application are overwritten or anything.
My request is signed, I checked several times. I can also access the internet as usual from the blackberry browser. It is also interesting to note that, on the debugger to connect to the device, told me debugging information are missing about two - net_rim_cldc and net_rim_os modules if I remember correctly. Then, he said because of this "many debugging features will not work properly", but as far as I can see, willing or not, debug this connection is simply not be established, and yet no exception or anything is up. The above code is surrounded by try/catch that will catch java.io.IOExceptions and ControlledAccessExceptions, among others, but none of this code is already hit. And surely if it was some type of more exotic exception that I have no intention, I would like to at least get a popup on the screen tell me about an uncaught exception?
Help would be greatly appreciated!
UPDATE: standard Version, as soon as I had finished my half hour trying to get this thing to work and then wrote a post about the epic forum, he begins to work. Perfectly as I can tell. I guess it could have been a little temporary bad service from my supplier... Oh well anyway we are all good now...
UPDATE 2: it appears when wifi connections aren't a problem, but if I turn off wifi problem remains. Any ideas?
How long did you wait for an exception? It must expire after 2 minutes if it is unable to connect. Which way you make the connection? You use the deviceside parameter?
The BlackBerry has been activated on a BlackBerry Enterprise Server? You have completed the information under Options, Advanced Options, TCP APN? The BlackBerry shows 3G on the home screen (capital G)?
-
I'm having a problem when I try to establish a VPN connection
I have a problem when I try to establish a VPN connection between a remote computer and my desktop computer that we use as a file server in our network of workplaces. It has a static IP address. The VPN connection was working until the person on the other side you have forgotten the password. We decided to set up a new connection with the new user name and password. The remote computer could not establish a VPN connection with the server, but when the person on the other side tried to open the files, she received a message indicating there is no permission to do so. I can't understand how to give the person permission to open folders. Can anyone help?
Hello
Thanks for posting in the Microsoft Community.
The question you posted would be better suited in the TechNet community.
http://social.technet.Microsoft.com/forums/en/w7itprogeneral/threadsI hope this helps!
-
When I try to establish a wifi connection, it shows that the problem with the network card is not fixed. How can I solve this problem?
Hello
Thank you for writing to Microsoft Communities.
Until we start troubleshooting on this issue please provides us additional information by answering a few questions, this will help us better solutions to the problems.
1. What is the full error message do you get?
2. are - that you be able to access or connect to the Internet via wired?
3 have there been recent changes to the computer before the show?
Please go ahead and follow the steps mentioned and later a update on the State of the question.
Method 1:
Try to run the network troubleshooters. Check if it enumerates and helps resolve the errors.
http://Windows.Microsoft.com/en-us/Windows7/open-networking-troubleshootersMethod 2: If the problem persists, try to follow the steps from the link.
In the Windows wireless network connection problems:
http://Windows.Microsoft.com/en-us/Windows/help/wired-and-wireless-network-connection-problems-in-WindowsCheck this link for more information:
How can I troubleshoot network card? http://Windows.Microsoft.com/en-us/Windows7/fix-network-adapter-problems
Why can't I connect to the Internet?
http://Windows.Microsoft.com/en-us/Windows7/why-can-t-I-connect-to-the-InternetPlease follow these recommended steps and post if you still experience the problem.
Maybe you are looking for
-
How can I remove photos from my iphone
I tried to remove photos from my iPhone and I can't, could someone remove
-
HP S55 10y: don't know the BIOS password
Im trying to reimage my office but I don't know the BIOS password to change settings. Someone please HELP! Laughing out loud
-
How to print the screen that is on my monitor
I have some information on my screen and print a copy of it for my records. But I tried to do it through my printer, but nothing comes. I tried the "touch Shift and the PrtSc key, but nothing happens. How to do a "print screen"?
-
Cannot use auxiliary keys keyboard after system restore
I had to reload XP so I used reloading with the CD backup option. I have an emachines keyboard that has additional, such as buttons that cut, paste, volume, etc., and after that I reloaded XP from the CD, these buttons not working. The icon zHotkey
-
Windows XP Media Center Edition BSOD
Hello, I could use a little help. My system, Dell E510, Windows XP Media Edition 2002 Service Pac 2, boots just a blue screen. The error on the BSOD is SESSION5_INITIALIZATION_FAILURE Tech info: STOP: 0 X 00000071 once the BSOD read error: PROCESS1_