While Jetty is normally well behaved, there are times when it is necessary to debug problems. This is a simple guide describing the debugging options available and how to control them.
The target audience is Java developers.
Debugging of Jetty is controlled by the org.mortbay.util.Code class - what follows is basically ripped out of the javadoc for that class.
java [-DDEBUG [-DDEBUG_PATTERNS="MyClass,my.package"] \
              [-DDEBUG_OPTIONS=[S][W]] \
              [-DDEBUG_VERBOSE=n] ] my.package.main
JAVA_OPTIONS='-DDEBUG' ./bin/jetty.sh run
As described in the JSSE FAQ, there is a debug facility built into JSSE controlled by the javax.net.debug property.
Assuming that you've got JSSE configured properly, you will be able to use it as follows. You will need to edit etc/demo.xml as described in the JSSE SSL documentation.
To get help use:
JAVA_OPTIONS='-Djavax.net.debug=help' ./bin/jetty.sh run
You will get something like this:
all            turn on all debugging
ssl            turn on ssl debugging

The following can be used with ssl:
        record       enable per-record tracing
        handshake    print each handshake message
        keygen       print key generation data
        session      print session activity

        handshake debugging can be widened with:
        data         hex dump of each handshake message
        verbose      verbose handshake message printing

        record debugging can be widened with:
        plaintext    hex dump of record plaintext
JAVA_OPTIONS='-Djavax.net.debug=ssl,handshake,data' ./bin/jetty.sh run
Assuming you've got the excellent (in a Bill&Ted way) openssl package installed, you can use its s_client utility to help debug an SSL setup.
To get help use:
man s_client
or:
openssl s_client -help
When run against a server using the expired test certificate, the following is generated.
bretts@london[7538]: openssl s_client -showcerts -connect localhost:8443
CONNECTED(00000003)
depth=0 /C=Unknown/ST=Unknown/L=Unknown/O=Mort Bay Consulting/OU=Open Source Development/CN=Jetty Server
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=Unknown/ST=Unknown/L=Unknown/O=Mort Bay Consulting/OU=Open Source Development/CN=Jetty Server
verify error:num=10:Certificate has expired
notAfter=Jan 20 13:55:44 2001 GMT
verify return:1
depth=0 /C=Unknown/ST=Unknown/L=Unknown/O=Mort Bay Consulting/OU=Open Source Development/CN=Jetty Server
notAfter=Jan 20 13:55:44 2001 GMT
verify return:1
---
Certificate chain
 0 s:/C=Unknown/ST=Unknown/L=Unknown/O=Mort Bay Consulting/OU=Open Source Development/CN=Jetty Server
   i:/C=Unknown/ST=Unknown/L=Unknown/O=Mort Bay Consulting/OU=Open Source Development/CN=Jetty Server
-----BEGIN CERTIFICATE-----
MIICjjCCAfcCBDny8eAwDQYJKoZIhvcNAQEEBQAwgY0xEDAOBgNVBAYTB1Vua25v
d24xEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xHDAaBgNVBAoT
E01vcnQgQmF5IENvbnN1bHRpbmcxIDAeBgNVBAsTF09wZW4gU291cmNlIERldmVs
b3BtZW50MRUwEwYDVQQDEwxKZXR0eSBTZXJ2ZXIwHhcNMDAxMDIyMTM1NTQ0WhcN
MDEwMTIwMTM1NTQ0WjCBjTEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5r
bm93bjEQMA4GA1UEBxMHVW5rbm93bjEcMBoGA1UEChMTTW9ydCBCYXkgQ29uc3Vs
dGluZzEgMB4GA1UECxMXT3BlbiBTb3VyY2UgRGV2ZWxvcG1lbnQxFTATBgNVBAMT
DEpldHR5IFNlcnZlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtfU06Yq0
Kgg/1PB/koBUVstoVZXunnpphJEtuC4MSD/ToBywEBtxgH+kqxU5PouY+D8q7F2e
mhnAUkBOBBxiB5FhSVxAEMFgwRW2xY4KpEzHfoNv4D09dXqHpb7QytW7wh1JCWwJ
/NxFyuDNvhJyuKHITt9UK5Y0Sq9QZN31YBECAwEAATANBgkqhkiG9w0BAQQFAAOB
gQA9ETZCa9GY6sBA2tCqD9s+aLVU8TijVuQkR3djXDLo4b9IeiWmyWWzo+pOF3Mi
7sO41rZoli5blTepQ6TwvnzgBXjkNbttcJPKGzc9qg+WT53wq2dpiYE/UbFDzUTG
AapPu7TOQUxym81QgP+JcD7nvrT4VlvP17wXcSJ4P2pzPg==
-----END CERTIFICATE-----
---
Server certificate
subject=/C=Unknown/ST=Unknown/L=Unknown/O=Mort Bay Consulting/OU=Open Source Development/CN=Jetty Server
issuer=/C=Unknown/ST=Unknown/L=Unknown/O=Mort Bay Consulting/OU=Open Source Development/CN=Jetty Server
---
No client certificate CA names sent
---
SSL handshake has read 1000 bytes and written 248 bytes
---
New, TLSv1/SSLv3, Cipher is EXP-RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EXP-RC4-MD5
    Session-ID: 3B079FD18A655C2228F3B9267CDC768F2BD0251E0B2EE8E2E980BDB02F341369
    Session-ID-ctx:
    Master-Key: 9AD848E83549CF9835747EC287876579D95F3D69A64B9DB8E90E78B42D355F9CDD130D5AD1FE406743784B75B7CA58BE
    Key-Arg   : None
    Start Time: 990355411
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
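The s_client transcript above reports its certificate problems in the per-certificate "verify error" lines, while its final "Verify return code" line reads 0 (ok). As an added example (not part of the original guide or of Jetty), this shell function condenses such a transcript into key=value findings; the function names are assumptions, and the sample input is an abridged copy of lines from the transcript on this page.

```shell
# Added example: condense an `openssl s_client` transcript (stdin) into
# key=value findings. Function names are illustrative assumptions.
summarize_s_client() {
    awk '
        # "verify error:num=18:self signed certificate" -> "18:self signed ..."
        /^verify error:num=/ {
            sub(/^verify error:num=/, "")
            if (!err[$0]++) print "verify_error=" $0
        }
        # Expiry date that s_client prints alongside the expired-cert error
        /^notAfter=/ {
            sub(/^notAfter=/, "")
            if (!na[$0]++) print "not_after=" $0
        }
        # SSL-Session block: "    Protocol  : TLSv1", "    Cipher    : EXP-RC4-MD5"
        /^[ \t]*Protocol[ \t]*:/ { sub(/^[^:]*:[ \t]*/, ""); print "protocol=" $0 }
        /^[ \t]*Cipher[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, "")
            print "cipher=" $0
            # OpenSSL names export-grade suites with an EXP prefix
            if ($0 ~ /^EXP/) print "export_cipher=yes"
        }
        /Verify return code:/ {
            sub(/^.*Verify return code:[ \t]*/, "")
            print "verify_return=" $0
        }
    '
}
# Sample input: lines taken from the transcript on this page, abridged.
sample_transcript() {
    cat <<'EOF'
depth=0 /C=Unknown/ST=Unknown/L=Unknown/O=Mort Bay Consulting/OU=Open Source Development/CN=Jetty Server
verify error:num=18:self signed certificate
verify return:1
verify error:num=10:Certificate has expired
notAfter=Jan 20 13:55:44 2001 GMT
verify return:1
notAfter=Jan 20 13:55:44 2001 GMT
New, TLSv1/SSLv3, Cipher is EXP-RC4-MD5
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EXP-RC4-MD5
    Verify return code: 0 (ok)
EOF
}
sample_transcript | summarize_s_client
```

Against a live server, pipe the real output through the same function, for example `openssl s_client -showcerts -connect localhost:8443 </dev/null 2>&1 | summarize_s_client`.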