mendelson opensource OFTP2 1.0 b9 released

admin

We released a new version of our opensource OFTP2 server. It is recommended to update your existing installation.

Updating an existing mendelson opensource OFTP2 installation:

* Create a backup of your installation
* Unpack the zip to the installation or execute the installer (Windows)
* Start the OFTP2 server - it's done

Changes/improvements of this version:

* Wrong command definition of SFNA and EFNA
* Output of file hash value displayed in log now
* Outbound NERP is signed now and contains a file hash
* Inbound EERP/NERP signature is verified now
* Problem in mode negotiation fixed (S/R/B)
* ESID command compatibility issues with other OFTP2 software distributor fixed
* It was impossible to insert an empty keystore password (even if this is not recommended)
* Read buffer problems for outbound SSL connections fixed

Download your copy at http://oftp2.mendelson-e-c.com now!

Thank you for all your feedback and your help

--
Your mendelson dev team

Jyrgestein

Hi,

I am trying to connect with Volvo and sending files works, but while trying to receive files from the Volvo server I get an error (An existing connection was forcibly closed by the remote host).
Does this have something to do with the Volvo system having different sending and receiving hosts (192.138.117.2 sends and 88.193.197.124 receives)?

Or could my Certificate be faulty (Certificate works with other mendelson OFTP2 server from internet with public key).

Or is there something I could have missed with system settings, there isn't so much I can do?

----------
[9:19:13 AM] [12827171530497] Setting state machine Session Connection State Machine

[9:19:13 AM] [12827171530497] Incoming connection [/192.138.117.2:58925]

[9:19:13 AM] [12827171530497] Setting session var "Caller" to false

[9:19:13 AM] [12827171530497] Session state: IDLE

[9:19:13 AM] [12827171530497] Statemachine "Session Connection State Machine" received signal "N_CON_IND", state is "IDLE"

[9:19:13 AM] [12827171530497] Processing unit received signal "N_CON_RS", state is "IDLE"

[9:19:13 AM] [12827171530497] Send stream transmission header (10 00 00 17)

[9:19:13 AM] [12827171530497] Send bytes: 49 4f 44 45 54 54 45 20 46 54 50 20 52 45 41 44 59 20 0d

[9:19:13 AM] [12827171530497] Send command: SSRM

[9:19:13 AM] [12827171530497] Send command:
o-------------------------------------------------------
| SSRM Start Session Ready Message
o-------------------------------------------------------
| 0 | X(1) | SSRMCMD | SSRM Command | 'I' | [49]
| 1 | X(17) | SSRMMSG | Ready Message | 'ODETTE FTP READY ' | [4f 44 45 54 54 45 20 46 54 50 20 52 45 41 44 59 20]
| 18 | X(1) | SSRMCR | Carriage Return | '
' | [0d]
o-------------------------------------------------------

[9:19:13 AM] [12827171530497] Session state: IDLE --> A_NC_ONLY

[9:19:13 AM] A system error occured. For further information please have a look at D:\mendelson\opensource\oftp2\log\system_20100825.log

[9:19:13 AM] [12827171530497] An existing connection was forcibly closed by the remote host

[9:19:13 AM] [12827171530497] Connection closed [/192.138.117.2:58925]. Established for 0.4s, 899 bytes transfered
-------

java.io.IOException: An existing connection was forcibly closed by the remote host
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:202)
at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:42)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:620)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:598)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:587)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:61)
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:969)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

heller

Jyrgestein,

I think it's a certificate issue but I am not sure. Please ensure that you add all root and intermediate certificates of your own and your partners' keys/certificates to the keystore. If you are using SSL you must not have more than a single key in the keystore at the moment, please ensure to delete the delivered keys "key1" and "key2" from the keystore and keep your private key only.

We received and sent data successfully to VOLVO using the mendelson opensource OFTP2 b9. If you modified the keystore like described above and it still does not work - could you please ask why they closed the connection?

You could also debug the SSL connection from your side to see which keys/certificates are used for the handshake:

If you are using Windows please modify the oftp2.lax file and set the following parameter:

lax.nl.java.option.additional=-Djavax.net.debug=all
lax.stdout.redirect=console
lax.stderr.redirect=console

If you are using any other OS please add the option "-Djavax.net.debug=all" to the java call in the start script.

Hope that helps
Regards
Heller

Jyrgestein

Hi,

Thank you for the answer. Removing the unneeded keys changed the case, but there are still no files from Volvo. I sent an email to the Volvo OFTP2 administration, but haven't received any answer.

From the keystore:
I removed anything that has nothing to do with Volvo.
(imported VeriSign and our GlobalSign certificates (root and intermediate))
certification request from key -> imported answer from GlobalSign (Domain Controller SSL 45 days Test (should be trusted with normal root CA))

Sending works.

When receiving there is no error in the program console. But receiving just ends.
The error in the Volvo supplier portal is 406 (=communication error :-) )
In the Java trace there are errors, but whether those are all caused by Volvo cutting the connection I have no idea.

The earlier error was caused by misconfiguration of the keystore. Can anybody with more knowledge say if this is caused by configuration, or is the certificate not trusted, or maybe even the wrong kind?

The system is Windows 2000 Server; all actions are done with a terminal service desktop and the admin user.
---------------------
[11:54:19 AM] Client connected to localhost/127.0.0.1:1235

[11:54:24 AM] Logged in as user "admin"

[11:54:24 AM] mendelson opensource OFTP2 1.0 build 9

[11:58:14 AM] [12828994869103] Setting state machine Session Connection State Machine

[11:58:14 AM] [12828994869103] Incoming connection [/192.138.117.2:42690]

[11:58:14 AM] [12828994869103] Setting session var "Caller" to false

[11:58:14 AM] [12828994869103] Session state: IDLE

[11:58:14 AM] [12828994869103] Statemachine "Session Connection State Machine" received signal "N_CON_IND", state is "IDLE"

[11:58:14 AM] [12828994869103] Processing unit received signal "N_CON_RS", state is "IDLE"

[11:58:14 AM] [12828994869103] Send stream transmission header (10 00 00 17)

[11:58:14 AM] [12828994869103] Send bytes: 49 4f 44 45 54 54 45 20 46 54 50 20 52 45 41 44 59 20 0d

[11:58:14 AM] [12828994869103] Send command: SSRM

[11:58:14 AM] [12828994869103] Send command:
o-------------------------------------------------------
| SSRM Start Session Ready Message
o-------------------------------------------------------
| 0 | X(1) | SSRMCMD | SSRM Command | 'I' | [49]
| 1 | X(17) | SSRMMSG | Ready Message | 'ODETTE FTP READY ' | [4f 44 45 54 54 45 20 46 54 50 20 52 45 41 44 59 20]
| 18 | X(1) | SSRMCR | Carriage Return | '
' | [0d]
o-------------------------------------------------------

[11:58:14 AM] [12828994869103] Session state: IDLE --> A_NC_ONLY

[11:58:17 AM] [12828994869103] Connection closed [/192.138.117.2:42690]. Established for 10.9s, 3622 bytes transfered

--------------------------------------
[Raw read]: length = 32
0000: 95 DB 48 F2 C8 BC DD 0A A7 32 80 DE 31 C7 1C 8B ..H......2..1...
0010: 72 BB 7C 21 41 7D D7 2D DF 5B 09 A2 CD 4A B5 CE r..!A..-.[...J..
NioProcessor-5, READ: TLSv1 Handshake, length = 32
Padded plaintext after DECRYPTION: len = 32
0000: 14 00 00 0C BB 8E D4 FB 8B FD 16 19 30 12 37 7B ............0.7.
0010: 94 D7 C0 88 40 5F 7B F0 36 39 7A 07 9E 89 30 DE ....@_..69z...0.
*** Finished
verify_data: { 187, 142, 212, 251, 139, 253, 22, 25, 48, 18, 55, 123 }
***
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C BB 8E D4 FB 8B FD 16 19 30 12 37 7B ............0.7.
NioProcessor-5, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 163, 13, 83, 215, 119, 224, 65, 40, 123, 226, 5, 116 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C A3 0D 53 D7 77 E0 41 28 7B E2 05 74 ......S.w.A(...t
Padded plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C A3 0D 53 D7 77 E0 41 28 7B E2 05 74 ......S.w.A(...t
0010: 01 D9 E3 40 F5 97 9A 9A 98 8F EB 55 DA 21 8C ED ...@.......U.!..
NioProcessor-5, WRITE: TLSv1 Handshake, length = 32
%% Cached server session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[Raw write]: length = 6
0000: 14 03 01 00 01 01 ......
[Raw write]: length = 37
0000: 16 03 01 00 20 99 0D 72 98 86 2B 09 5F 14 4C D8 .... ..r..+._.L.
0010: A8 4D 07 AB 89 7A 28 F9 BB 11 81 6C DC D2 FC 91 .M...z(....l....
0020: 87 C5 F4 E6 E4 .....
Padded plaintext before ENCRYPTION: len = 39
0000: 10 00 00 17 49 4F 44 45 54 54 45 20 46 54 50 20 ....IODETTE FTP
0010: 52 45 41 44 59 20 0D 83 EA 9E 18 FA 7E 9F FD 43 READY .........C
0020: 4C 0F 14 C4 9A 39 36 L....96
NioProcessor-5, WRITE: TLSv1 Application Data, length = 23
[Raw write (bb)]: length = 44
0000: 17 03 01 00 27 D9 7A BA 24 48 A0 18 3A 25 52 68 ....'.z.$H..:%Rh
0010: 4C 15 B8 C1 CC 85 DE 73 C5 E9 17 8D EE 5F 48 8E L......s....._H.
0020: D8 29 AA 77 D0 2A E8 13 73 94 22 01 .).w.*..s.".
NioProcessor-5, called closeInbound()
NioProcessor-5, fatal error: 80: Inbound closed before receiving peer's close_no
tify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify:
possible truncation attack?
%% Invalidated: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
NioProcessor-5, SEND TLSv1 ALERT: fatal, description = internal_error
Padded plaintext before ENCRYPTION: len = 18
0000: 02 50 D7 40 0B 80 9C 6D 24 65 B7 04 44 CB A4 8D .P.@...m$e..D...
0010: 2C BC ,.
NioProcessor-5, WRITE: TLSv1 Alert, length = 18
[Raw write]: length = 23
0000: 15 03 01 00 12 7D 04 4A D5 DE 54 E7 29 9B EA A1 .......J..T.)...
0010: 0B 93 A0 17 BD 84 77 ......w
NioProcessor-5, called closeOutbound()
NioProcessor-5, closeOutboundInternal()
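
Added example, not part of the post above or of the mendelson software: a small Python summariser for a `-Djavax.net.debug=all` trace like this one, showing whether the handshake finished, which cipher suite was cached, and how the connection ended. The sample lines are constructed from the format shown above with the hex dumps omitted; the 80-column re-wrap handling and the weak-suite markers are assumptions of this example.

```python
import re

# Constructed sample in the format of the trace above (hex dump lines omitted).
SAMPLE_TRACE = """\
*** Finished
NioProcessor-5, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
%% Cached server session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
NioProcessor-5, WRITE: TLSv1 Application Data, length = 23
NioProcessor-5, fatal error: 80: Inbound closed before receiving peer's close_no
tify: possible truncation attack?
NioProcessor-5, SEND TLSv1 ALERT: fatal, description = internal_error
"""

RECORD = re.compile(r"^\S+, (READ|WRITE): \S+ (.+), length = (\d+)$")
SESSION = re.compile(r"^%% Cached \w+ session: \[Session-\d+, (\S+)\]$")
FATAL = re.compile(r"fatal error: (\d+): (.+)$")

def unwrap(text, width=80):
    """Re-join lines that an 80-column console split in two (assumed width)."""
    out, carry = [], ""
    for line in text.splitlines():
        carry += line
        if len(line) != width:      # a full-width line continues on the next
            out.append(carry)
            carry = ""
    return out + ([carry] if carry else [])

def summarise(text):
    s = {"finished": 0, "suite": None, "weak_suite": False,
         "app_out": 0, "app_in": 0, "fatal": None}
    for line in unwrap(text):
        if line == "*** Finished":          # one per direction when complete
            s["finished"] += 1
        elif m := SESSION.match(line):
            s["suite"] = m.group(1)
            s["weak_suite"] = any(t in m.group(1) for t in ("RC4", "NULL", "EXPORT"))
        elif m := RECORD.match(line):
            if m.group(2) == "Application Data":
                s["app_out" if m.group(1) == "WRITE" else "app_in"] += int(m.group(3))
        elif m := FATAL.search(line):
            s["fatal"] = (int(m.group(1)), m.group(2))
    if s["finished"] < 2:
        s["verdict"] = "handshake did not complete"
    elif s["fatal"] and s["app_in"] == 0:
        s["verdict"] = "handshake completed; peer closed before sending application data"
    else:
        s["verdict"] = "no transport failure in trace"
    return s
```

On the sample, `summarise(SAMPLE_TRACE)` reports a completed handshake with SSL_RSA_WITH_RC4_128_MD5, 23 bytes of application data written (the SSRM buffer), and the peer closing without close_notify before sending any data.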

heller

Jyrgestein,

In my opinion this is still a certificate configuration issue. Perhaps on the VOLVO side, if you are sure that all your keys are trusted (could you double check if all your certs/keys are imported with the full trust path?) ??

Regards
Stefan

nclous

Hi Jyrgestein,

We had a similar problem and that was due to the fact that we had initially set up a wildcard certificate that could not be handled by the Volvo software. Make sure the host of your certificate exactly matches the DNS name of your server and is signed by a valid CA (self-signed certificates do not work). Furthermore make sure all CA certificates (intermediate and root) are in your trusted store. Also you need to make sure that only one key exists in the keystore as the first one will be taken. Once your server is running you can examine the certificate using IE or Portecle.

Niels
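
Added example, not part of the posts above or of the mendelson software: a Python check of a `keytool -list` listing against the keystore advice given in this thread (one private key only, the delivered `key1`/`key2` removed, CA certificates present). The listing is constructed, assumes keytool's English-locale output format, and its `myserver` and `example-*` aliases are made up.

```python
import re

# Constructed sample of `keytool -list` output; fingerprint lines are left
# out. "key1" and "key2" are the delivered aliases named in the thread.
SAMPLE_LISTING = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 5 entries

key1, Aug 25, 2010, PrivateKeyEntry,
key2, Aug 25, 2010, PrivateKeyEntry,
myserver, Aug 26, 2010, PrivateKeyEntry,
example-root-ca, Aug 26, 2010, trustedCertEntry,
example-intermediate-ca, Aug 26, 2010, trustedCertEntry,
"""

# "<alias>, <date>, <entry type>," where the date itself contains a comma.
ENTRY = re.compile(
    r"^(?P<alias>.+?), .+, (?P<kind>PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),\s*$")
DEFAULT_ALIASES = {"key1", "key2"}


def parse_listing(text):
    """Return (alias, entry type) pairs; header and other lines are skipped."""
    return [(m["alias"], m["kind"])
            for line in text.splitlines() if (m := ENTRY.match(line))]


def audit_keystore(text):
    """Return findings for a listing; an empty list means it follows the advice."""
    entries = parse_listing(text)
    keys = [a for a, k in entries if k == "PrivateKeyEntry"]
    cas = [a for a, k in entries if k == "trustedCertEntry"]
    findings = []
    if len(keys) != 1:
        findings.append(f"{len(keys)} private keys ({', '.join(keys)}); expected exactly 1")
    leftover = sorted(DEFAULT_ALIASES.intersection(keys))
    if leftover:
        findings.append(f"delivered default keys still present: {', '.join(leftover)}")
    if not cas:
        findings.append("no trusted CA certificates (root/intermediate) in the keystore")
    return findings
```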

Jyrgestein

Thanks all for the answers.

So it seems the certificate is the problem. Is there any free (test) certificate for running a test that is known to work with Volvo?
I am running all tests on a test server, so it seems odd to get a new 180€ certificate to transfer one test file.

heller

Jyrgestein,

There are several free CAs available. I would recommend Startcom

https://www.startssl.com/

- but please have a look at the list that VOLVO has posted with CAs they accept first:

http://www.volvoit.com/volvoit/edi/en-gb/Europe/communication/OFTP2/page...

Regards
Heller

Jyrgestein

Finally it's working.

I moved the program to another (Windows 2003 R2) server.
Made a new certificate (Go Daddy); the cost was only a few € to create a new domain and get the certificate.

Thanks all for the advice. Most likely it was only a certificate problem, but since I got an answer from Volvo that the old certificate should be valid, I made major changes.

Bo Centex

Hi Jyrgestein,

I can see that you send files to Volvo using Mendelson OFTP2 software.

I have a problem sending files to Volvo. When they receive files from us, the characters \r\n have been put in at the end of each line (they are not in the original file).

Could you maybe help me with some screenshots of how you have set up communication to Volvo using the mendelson OFTP2 software?

I cannot get any help on this from Volvo.

I hope you can help me on this issue

You can also send me an email at this address:

bo(at)centex.dk
(Please replace (at) with an @ before sending)

Kind regards

Bo Hansen

service

Bo,

this thread is more than a year old. We have a lot of customers exchanging messages with Volvo via OFTP2 without problems. Please check if the special characters are not created by your system somehow, e.g. by a copy process or something like that before the message is sent.

Regards