1 Reply Latest reply on Nov 24, 2008 1:08 PM by jgbedell

    HTTP/1.1 400 No client certificate chain in this request

    jgbedell

      Our setup:

      We have an Axis2 1.3 web service client hitting a 3rd party web service running on a JBoss server w/ Apache Coyote. We do not know what package(s) were used to develop the server-side.

      We need to connect via SSL using certificate authentication.

      The basic payload of the web service is a series of updates. Our client code runs once per day, grabs any updates in our system since the last run, and sends them on to the server's web service. We can have anywhere from 0 to a few hundred updates to send.

      The problem comes with the amount of updates we have to send. If we only have a few (1-3) everything runs fine. We send our data up, we authenticate properly and receive a successful return from the server. At around 4 or 5 updates (depending on the actual amount of data in the updates) or rather once we cross 4096 bytes in the request body, we start receiving errors. If we up it a bit more, say 10 or more updates, we receive a different error. We've done some investigation and found several suggestions to turn off HTTP Chunking in the request. We've done that and we still get the error. We've also tried swapping to HTTP 1.0, as well as increasing the maxHttpHeaderSize on the server-side JBoss Connector. All with no luck. We attempted to use TCPMON to watch the transactions go across, but when we turned SSL and Certificate Authentication off (as we understand is needed for TCPMON to work), everything worked fine.

      We do have a local copy of the 3rd party server that we are testing against and can make configuration changes to Coyote/JBoss if needed for testing. However, we have no access to the server-side web service code, other than through decompilation.

      Any help or pointers anyone can offer would be greatly appreciated.

      Results with 4-5 updates
      The header:

      2008/11/18 16:33:58:081 EST [DEBUG] header - << "HTTP/1.1 500 Internal Server Error[\r][\n]"
      2008/11/18 16:33:58:081 EST [DEBUG] header - << "Server: Apache-Coyote/1.1[\r][\n]"
      2008/11/18 16:33:58:081 EST [DEBUG] header - << "X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5[\r][\n]"
      2008/11/18 16:33:58:081 EST [DEBUG] header - << "Content-Type: text/xml;charset=utf-8[\r][\n]"
      2008/11/18 16:33:58:081 EST [DEBUG] header - << "Transfer-Encoding: chunked[\r][\n]"
      2008/11/18 16:33:58:081 EST [DEBUG] header - << "Date: Tue, 18 Nov 2008 21:32:38 GMT[\r][\n]"
      2008/11/18 16:33:58:081 EST [DEBUG] header - << "Connection: close[\r][\n]"
      


      The body:
      <S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope">
       <faultcode>S:Server</faultcode>
       <faultstring>javax.xml.soap.SOAPException: com.ctc.wstx.exc.WstxEOFException: Unexpected end of input block in start tag
      [\n] at [row,col {unknown-source}]: [1,4096]</faultstring>
       <detail>
       <ns2:exception xmlns:ns2="http://jax-ws.dev.java.net/" class="javax.xml.ws.WebServiceException" note="To disable this feature, set com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system property to false">
       <message>javax.xml.soap.SOAPException: com.ctc.wstx.exc.WstxEOFException: Unexpected end of input block in start tag
      [\n] at [row,col {unknown-source}]: [1,4096]</message>
       <ns2:stackTrace><ns2:frame class="com.sun.xml.ws.handler.SOAPMessageContextImpl" file="SOAPMessageContextImpl.java" line="81" method="getMessage"/>
       <ns2:frame class="com.theirpackage.utils.logging.SOAPLoggingHandler" file="SOAPLoggingHandler.java" line="73" method="log"/>
       ...
       <ns2:cause class="javax.xml.soap.SOAPException" note="To disable this feature, set com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system property to false">
       <message>com.ctc.wstx.exc.WstxEOFException: Unexpected end of input block in start tag
      [\n] at [row,col {unknown-source}]: [1,4096]</message>
       <ns2:stackTrace>
       <ns2:frame class="com.sun.xml.ws.message.AbstractMessageImpl" file="AbstractMessageImpl.java" line="195" method="readAsSOAPMessage"/>
      
       <ns2:frame class="com.sun.xml.ws.handler.SOAPMessageContextImpl" file="SOAPMessageContextImpl.java" line="79" method="getMessage"/>
       <ns2:frame class="com.theirpackage.utils.logging.SOAPLoggingHandler" file="SOAPLoggingHandler.java" line="73" method="log"/>
       ...
       <ns2:cause class="org.xml.sax.SAXParseException" note="To disable this feature, set com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system property to false">
       <message>Unexpected end of input block in start tag
      [\n] at [row,col {unknown-source}]: [1,4096]</message>
       <ns2:stackTrace>
       <ns2:frame class="com.sun.xml.ws.message.stream.StreamMessage" file="StreamMessage.java" line="378" method="writePayloadTo"/>
       <ns2:frame class="com.sun.xml.ws.message.stream.StreamMessage" file="StreamMessage.java" line="459" method="writeTo"/>
       <ns2:frame class="com.sun.xml.ws.message.AbstractMessageImpl" file="AbstractMessageImpl.java" line="193" method="readAsSOAPMessage"/>
       <ns2:frame class="com.sun.xml.ws.handler.SOAPMessageContextImpl" file="SOAPMessageContextImpl.java" line="79" method="getMessage"/>
       <ns2:frame class="com.theirpackage.utils.logging.SOAPLoggingHandler" file="SOAPLoggingHandler.java" line="73" method="log"/>
      ...
      


      Results with 6+ updates
      The header:
      2008/11/18 16:44:36:596 EST [DEBUG] header - << "HTTP/1.1 400 No client certificate chain in this request[\r][\n]"
      2008/11/18 16:44:36:596 EST [DEBUG] header - << "Server: Apache-Coyote/1.1[\r][\n]"
      2008/11/18 16:44:36:596 EST [DEBUG] header - << "Content-Type: text/html;charset=utf-8[\r][\n]"
      2008/11/18 16:44:36:596 EST [DEBUG] header - << "Content-Length: 1094[\r][\n]"
      2008/11/18 16:44:36:596 EST [DEBUG] header - << "Date: Tue, 18 Nov 2008 21:43:17 GMT[\r][\n]"
      2008/11/18 16:44:36:596 EST [DEBUG] header - << "Connection: close[\r][\n]"
      


      The body:
      <html>
       <head>
       <title>JBossWeb/2.0.1.GA - Error report</title>
       <style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
       </head>
       <body>
       <h1>HTTP Status 400- No client certificate chain in this request</h1>
       <HR size="1" noshade="noshade">
       <p><b>type</b> Status report</p>
       <p><b>message</b><u>No client certificate chain in this request</u></p>
       <p><b>description</b>
       <u>The request sent by the client was syntactically incorrect (No client certificate chain in this request).</u>
       </p>
       <HR size="1" noshade="noshade">
       <h3>JBossWeb/2.0.1.GA</h3>
       </body>
      </html>
      


      Obviously the return body on the 6+ case is unparsable and throws an error in Axis2 when it tries to parse that response:
      2008/11/18 16:44:36:643 EST [INFO] BuilderUtil - OMException in getSOAPBuilder <org.apache.axiom.soap.SOAPProcessingException: First Element must contain the local name, Envelope , but found html>org.apache.axiom.soap.SOAPProcessingException: First Element must contain the local name, Envelope , but found html
       at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.constructNode(StAXSOAPModelBuilder.java:219)
       at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.createOMElement(StAXSOAPModelBuilder.java:177)
       at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:163)
       at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.getSOAPEnvelope(StAXSOAPModelBuilder.java:161)
       at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.<init>(StAXSOAPModelBuilder.java:110)
      ...
      


        • 1. Re: HTTP/1.1 400 No client certificate chain in this request
          jgbedell

          We have solved the issue. I thought I would post the solution here for future reference.

          From: http://www.jboss.org/file-access/default/members/jbossweb/freezone/docs/2.1.0/config/printer/http.html

          maxSavePostSize:
          The maximum size in bytes of the POST which will be saved/buffered by the container during FORM or CLIENT-CERT authentication. For both types of authentication, the POST will be saved/buffered before the user is authenticated. For CLIENT-CERT authentication, the POST is buffered for the duration of the SSL handshake and the buffer emptied when the request is processed. For FORM authentication the POST is saved whilst the user is re-directed to the login form and is retained until the user successfully authenticates or the session associated with the authentication request expires. The limit can be disabled by setting this attribute to -1. Setting the attribute to zero will disable the saving of POST data during authentication. If not specified, this attribute is set to 4096 (4 kilobytes).

          We simply added this attribute to our JBoss connector in the server.xml file, set the value to “-1” and everything works fine now, no matter how many updates we send.

          I would just like to add that I was rather disappointed in these forums. I came here as a relative JBoss beginner hoping that the actual JBoss forums would provide me any answer if that answer turned out to be something simple with JBoss setup. That did turn out to be the case, but after 5 days of this post sitting here, I still have 0 responses. Does no one actually monitor these forums?
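
Added example, not part of the original posts and not JBoss code: a small Python check that reads a server.xml and reports each HTTPS connector's effective maxSavePostSize against the largest POST body the client is expected to send. The sample XML, its ports and the function name `audit_connectors` are constructed for illustration; a missing attribute is treated as the documented default of 4096, and only HTTPS connectors (where CLIENT-CERT applies) are examined.

```python
import xml.etree.ElementTree as ET

# Documented default when the attribute is not specified (4 kilobytes).
DEFAULT_MAX_SAVE_POST_SIZE = 4096

# Constructed sample server.xml fragment; ports are placeholders.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="jboss.web">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"/>
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               maxSavePostSize="-1"/>
  </Service>
</Server>
"""


def audit_connectors(server_xml, largest_expected_post):
    """Return (port, effective_limit, verdict) for every HTTPS connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # This example only looks at HTTPS connectors (assumption of the sketch).
        if conn.get("scheme", "http").lower() != "https":
            continue
        raw = conn.get("maxSavePostSize")
        limit = DEFAULT_MAX_SAVE_POST_SIZE if raw is None else int(raw)
        if limit == -1:
            verdict = "unlimited"        # any body is buffered; no cap at all
        elif limit == 0:
            verdict = "saving-disabled"  # POST data is not saved during auth
        elif limit < largest_expected_post:
            verdict = "too-small"        # bodies above the limit will not fit
        else:
            verdict = "ok"
        findings.append((int(conn.get("port")), limit, verdict))
    return findings


if __name__ == "__main__":
    for port, limit, verdict in audit_connectors(SAMPLE_SERVER_XML, 64 * 1024):
        print(f"connector {port}: maxSavePostSize={limit} -> {verdict}")
```

Because the POST is buffered before the client is authenticated, an "unlimited" finding means the container places no cap on that pre-authentication buffer; a bounded value at or above the largest legitimate request body clears the "too-small" verdict while keeping a cap.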