Posted to ftpserver-users@mina.apache.org by "Loureiro, Gil" <gi...@logica.com> on 2009/02/03 14:10:04 UTC

Maximum Login due: Unexpected exception from SSLEngine.closeInbound().

Hi all,

I'm getting a strange error that happens in a random way.

My instance allows only one connection for the user hctrf.

Below is the log with trace, where we can see in a PASV command the system raises an "Unexpected exception from SSLEngine.closeInbound()." followed by a try to open a new session, that obviously returns a 421.

That instance hangs and only releases the connection after a start/stop, could someone help?

Log:

[ INFO] 2009-02-03 12:38:50,851 [hctrf] [10.240.2.84] CLOSED
[ INFO] 2009-02-03 12:38:50,907 [] [10.240.2.84] CREATED
[ INFO] 2009-02-03 12:38:50,908 [] [10.240.2.84] OPENED
[TRACE] 2009-02-03 12:38:50,908 [] [10.240.2.84] Inicio da transferencia de pendings xml
[TRACE] 2009-02-03 12:38:50,943 [] [10.240.2.84] Existem 0pendings xml
[TRACE] 2009-02-03 12:38:51,015 [] [10.240.2.84] Pending XML, conecção ao SGFI com sucesso
[TRACE] 2009-02-03 12:38:51,018 [] [10.240.2.84] Pending XML, disconectado do SGFI com sucesso
[ INFO] 2009-02-03 12:38:51,019 [] [10.240.2.84] SENT: 220 Service ready for new user.

[ INFO] 2009-02-03 12:38:51,046 [] [10.240.2.84] RECEIVED: AUTH TLS
[ INFO] 2009-02-03 12:38:51,136 [] [10.240.2.84] SENT: 234 Command AUTH okay; starting TLS connection.

[ INFO] 2009-02-03 12:38:51,187 [] [10.240.2.84] RECEIVED: PBSZ 0
[ INFO] 2009-02-03 12:38:51,189 [] [10.240.2.84] SENT: 530 Access denied.

[ INFO] 2009-02-03 12:38:51,215 [] [10.240.2.84] RECEIVED: USER HCTRF
[ INFO] 2009-02-03 12:38:51,217 [hctrf] [10.240.2.84] SENT: 331 User name okay, need password for hctrf.

[ INFO] 2009-02-03 12:38:51,250 [hctrf] [10.240.2.84] RECEIVED: PASS *****
[DEBUG] 2009-02-03 12:38:51,250 [hctrf] [10.240.2.84] Native filesystem view created for user "hctrf" with root "/app/dados/InHC/"
[ INFO] 2009-02-03 12:38:51,251 [hctrf] [10.240.2.84] Login success - hctrf
[TRACE] 2009-02-03 12:38:51,251 [hctrf] [10.240.2.84] Inicio onLogin
[TRACE] 2009-02-03 12:38:51,251 [hctrf] [10.240.2.84] User valido para ftplet
[TRACE] 2009-02-03 12:38:51,251 [hctrf] [10.240.2.84] Temp DIR created
[TRACE] 2009-02-03 12:38:51,251 [hctrf] [10.240.2.84] Print DIR created
[TRACE] 2009-02-03 12:38:51,251 [hctrf] [10.240.2.84] Today DIR created
[TRACE] 2009-02-03 12:38:51,251 [hctrf] [10.240.2.84] onLogin sem erros
[TRACE] 2009-02-03 12:38:51,251 [hctrf] [10.240.2.84] fim onLogin
[ INFO] 2009-02-03 12:38:51,252 [hctrf] [10.240.2.84] SENT: 230 User logged in, proceed.

[ INFO] 2009-02-03 12:38:51,279 [hctrf] [10.240.2.84] RECEIVED: TYPE I
[ INFO] 2009-02-03 12:38:51,280 [hctrf] [10.240.2.84] SENT: 200 Command TYPE okay.

[ INFO] 2009-02-03 12:38:51,306 [hctrf] [10.240.2.84] RECEIVED: PASV
[DEBUG] 2009-02-03 12:38:51,307 [hctrf] [10.240.2.84] Initiating passive data connection

[DEBUG] 2009-02-03 12:43:48,618 [] [] Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.closeInbound(Unknown Source)
        at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:155)
        at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:386)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:378)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:49)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:817)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$HeadFilter.sessionClosed(DefaultIoFilterChain.java:598)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:378)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:373)
        at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:229)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPollingIoProcessor.java:485)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.remove(AbstractPollingIoProcessor.java:455)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:58)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor$Worker.run(AbstractPollingIoProcessor.java:862)
        at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)

[ INFO] 2009-02-03 12:43:48,661 [] [10.240.2.84] CREATED
[ INFO] 2009-02-03 12:43:48,661 [hctrf] [10.240.2.84] OPENED
[TRACE] 2009-02-03 12:43:48,661 [hctrf] [10.240.2.84] Inicio da transferencia de pendings xml
[TRACE] 2009-02-03 12:43:48,731 [hctrf] [10.240.2.84] Existem 0pendings xml
[TRACE] 2009-02-03 12:43:48,823 [hctrf] [10.240.2.84] Pending XML, conecção ao SGFI com sucesso
[TRACE] 2009-02-03 12:43:48,826 [hctrf] [10.240.2.84] Pending XML, disconectado do SGFI com sucesso
[ INFO] 2009-02-03 12:43:48,827 [hctrf] [10.240.2.84] SENT: 220 Service ready for new user.

[ INFO] 2009-02-03 12:43:48,853 [hctrf] [10.240.2.84] RECEIVED: AUTH TLS
[ INFO] 2009-02-03 12:43:48,945 [hctrf] [10.240.2.84] SENT: 234 Command AUTH okay; starting TLS connection.

[ INFO] 2009-02-03 12:43:48,997 [hctrf] [10.240.2.84] RECEIVED: PBSZ 0
[ INFO] 2009-02-03 12:43:48,998 [hctrf] [10.240.2.84] SENT: 530 Access denied.

[ INFO] 2009-02-03 12:43:49,049 [hctrf] [10.240.2.84] RECEIVED: USER HCTRF
[ INFO] 2009-02-03 12:43:49,051 [hctrf] [10.240.2.84] SENT: 421 Maximum login limit has been reached.

[DEBUG] 2009-02-03 12:43:49,051 [] [] Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.closeInbound(Unknown Source)
        at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:155)
        at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:386)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:378)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:49)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:817)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$HeadFilter.sessionClosed(DefaultIoFilterChain.java:598)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:378)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:373)
        at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:229)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPollingIoProcessor.java:485)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.remove(AbstractPollingIoProcessor.java:455)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:58)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor$Worker.run(AbstractPollingIoProcessor.java:862)
        at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
[ INFO] 2009-02-03 12:43:49,052 [hctrf] [10.240.2.84] CLOSED



Please help Logica to respect the environment by not printing this email  /  Merci d'aider Logica à préserver l'environnement en évitant d'imprimer ce mail /  Bitte drucken Sie diese Nachricht nicht aus und helfen Sie so Logica dabei die Umwelt zu schuetzen  /  Por favor ajude a Logica a respeitar o ambiente não imprimindo este correio electrónico.



This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.


RE: Maximum Login due: Unexpected exception from SSLEngine.closeInbound().

Posted by "Loureiro, Gil" <gi...@logica.com>.
Hi,

I'm using M4.

The time out is set to:

<listeners>
    <nio-listener name="default" port="990" implicit-ssl="false">
        <ssl>
            <keystore file="./res/ftpserver.jks" password="password" />
        </ssl>
        <data-connection idle-timeout="60">
            <passive ports="989"/>
        </data-connection>
    </nio-listener>
</listeners>

Regards,
Loureiro, Gil
Document Engineering Manager
Document Services
_________________________________________
Edinfor - a LogicaCMG company
Rua Particular da EDP (à rua cidade Goa nº11), 2685 Sacavém
Portugal
M: +351 93 741 8888
E: gil.loureiro@edinfor.logicacmg.com
www.edinfor.logicacmg.com

-----Original Message-----
From: Niklas Gustavsson [mailto:niklas@protocol7.com]
Sent: Friday, 6 February 2009 9:57
To: ftpserver-users@mina.apache.org
Subject: Re: Maximum Login due: Unexpected exception from SSLEngine.closeInbound().

On Thu, Feb 5, 2009 at 11:35 AM, Loureiro, Gil <gi...@logica.com> wrote:
> The problem is the time-out never happens, I've the ftpserver.user.hctrf.idletime=60 but the dead-lock is forever.

Which version of FtpServer are you using? What's your timeout value
for the server?

> Am I doing something wrong?

I don't think so, FtpServer should always time out a dead session as
long as the configuration is correctly set.

/niklas

 





Re: Maximum Login due: Unexpected exception from SSLEngine.closeInbound().

Posted by Niklas Gustavsson <ni...@protocol7.com>.
On Thu, Feb 5, 2009 at 11:35 AM, Loureiro, Gil <gi...@logica.com> wrote:
> The problem is the time-out never happens, I've the ftpserver.user.hctrf.idletime=60 but the dead-lock is forever.

Which version of FtpServer are you using? What's your timeout value
for the server?

> Am I doing something wrong?

I don't think so, FtpServer should always time out a dead session as
long as the configuration is correctly set.

/niklas

RE: Maximum Login due: Unexpected exception from SSLEngine.closeInbound().

Posted by "Loureiro, Gil" <gi...@logica.com>.
The problem is the time-out never happens, I've the ftpserver.user.hctrf.idletime=60 but the dead-lock is forever.
Am I doing something wrong?


Regards,
Loureiro, Gil
Document Engineering Manager
Document Services
-----Original Message-----
From: Niklas Gustavsson [mailto:niklas@protocol7.com] 
Sent: Wednesday, 4 February 2009 21:46
To: ftpserver-users@mina.apache.org
Subject: Re: Maximum Login due: Unexpected exception from SSLEngine.closeInbound().

On Wed, Feb 4, 2009 at 11:32 AM, Loureiro, Gil <gi...@logica.com> wrote:
> What should not happen is to let the session hang, is it possible in some way?

The session might deadlock if the client does not receive a reply. In
that case, the session will lock until the client disconnects or is
disconnected due to a timeout. And, as in your case, with only one
allowed connection, that means the entire server is pretty much
useless.

/niklas





Re: Maximum Login due: Unexpected exception from SSLEngine.closeInbound().

Posted by Niklas Gustavsson <ni...@protocol7.com>.
On Wed, Feb 4, 2009 at 11:32 AM, Loureiro, Gil <gi...@logica.com> wrote:
> What should not happen is to let the session hang, is it possible in some way?

The session might deadlock if the client does not receive a reply. In
that case, the session will lock until the client disconnects or is
disconnected due to a timeout. And, as in your case, with only one
allowed connection, that means the entire server is pretty much
useless.

/niklas
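
Added example (not part of the thread and not FtpServer code): a small Python triage over the log format shown in the first post, flagging a command that got no reply for longer than the idle timeout and the 421 rejection that follows. It keys sessions by client IP because the log carries no session id; the function names are this example's own, and the 60-second default mirrors the posted idle-timeout setting.

```python
import re
from datetime import datetime

# Abridged from the log in the first post of this thread.
SAMPLE = """
[ INFO] 2009-02-03 12:38:51,250 [hctrf] [10.240.2.84] RECEIVED: PASS *****
[ INFO] 2009-02-03 12:38:51,252 [hctrf] [10.240.2.84] SENT: 230 User logged in, proceed.
[ INFO] 2009-02-03 12:38:51,306 [hctrf] [10.240.2.84] RECEIVED: PASV
[DEBUG] 2009-02-03 12:38:51,307 [hctrf] [10.240.2.84] Initiating passive data connection
[DEBUG] 2009-02-03 12:43:48,618 [] [] Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
[ INFO] 2009-02-03 12:43:48,661 [] [10.240.2.84] CREATED
[ INFO] 2009-02-03 12:43:49,049 [hctrf] [10.240.2.84] RECEIVED: USER HCTRF
[ INFO] 2009-02-03 12:43:49,051 [hctrf] [10.240.2.84] SENT: 421 Maximum login limit has been reached.
"""

# [LEVEL] date time [user] [client-ip] message
LINE = re.compile(r"^\[\s*\w+\] (\S+ \S+) \[(.*?)\] \[(.*?)\] (.*)$")

def parse(log):
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:  # stack-trace and blank lines do not match and are skipped
            ts, user, ip, msg = m.groups()
            yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S,%f"), user, ip, msg

def triage(log, idle_timeout=60):
    """Return ("stalled", user, command, seconds) and ("rejected", user, reply)."""
    pending = {}   # client ip -> (time, user, command) still waiting for a reply
    findings = []
    for ts, user, ip, msg in parse(log):
        if ip in pending:
            since, who, cmd = pending[ip]
            waited = (ts - since).total_seconds()
            if waited > idle_timeout:  # next event from this client came too late
                findings.append(("stalled", who, cmd, round(waited)))
                del pending[ip]
        if msg.startswith("RECEIVED: "):
            pending[ip] = (ts, user, msg[10:].split()[0])
        elif msg.startswith("SENT: "):
            pending.pop(ip, None)      # the command was answered
            if msg[6:].startswith("421"):
                findings.append(("rejected", user, msg[6:]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
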

RE: Maximum Login due: Unexpected exception from SSLEngine.closeInbound().

Posted by "Loureiro, Gil" <gi...@logica.com>.
Hi,

The client is lftp; but I've found that I've raised an exception inside my ftplet....

What should not happen is to let the session hang, is it possible in some way?

Regards,
Loureiro, Gil
Document Engineering Manager
Document Services
-----Original Message-----
From: Niklas Gustavsson [mailto:niklas@protocol7.com] 
Sent: Tuesday, 3 February 2009 19:18
To: ftpserver-users@mina.apache.org
Subject: Re: Maximum Login due: Unexpected exception from SSLEngine.closeInbound().

On Tue, Feb 3, 2009 at 2:10 PM, Loureiro, Gil <gi...@logica.com> wrote:
> I'm getting a strange error that happens in a random way.
>
> My instance allows only one connection for the user hctrf.
>
> Below is the log with trace, where we can see in a PASV command the system raises an "Unexpected exception from SSLEngine.closeInbound()." followed by a try to open a new session, that obviously returns a 421.

The reason for the exception is likely that the client or the network
disconnects without closing down the SSL session. The opening of the
new session is likely due to the client connecting again. Would you
know what client this is? It looks like it is trying to open a new socket
without logging in, something which FtpServer (and likely any other FTP
server) would support.

/niklas





Re: Maximum Login due: Unexpected exception from SSLEngine.closeInbound().

Posted by Niklas Gustavsson <ni...@protocol7.com>.
On Tue, Feb 3, 2009 at 2:10 PM, Loureiro, Gil <gi...@logica.com> wrote:
> I'm getting a strange error that happens in a random way.
>
> My instance allows only one connection for the user hctrf.
>
> Below is the log with trace, where we can see in a PASV command the system raises an "Unexpected exception from SSLEngine.closeInbound()." followed by a try to open a new session, that obviously returns a 421.

The reason for the exception is likely that the client or the network
disconnects without closing down the SSL session. The opening of the
new session is likely due to the client connecting again. Would you
know what client this is? It looks like it is trying to open a new socket
without logging in, something which FtpServer (and likely any other FTP
server) would support.

/niklas