You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Paul Donohue (JIRA)" <ji...@apache.org> on 2012/11/15 18:06:12 UTC
[jira] [Commented] (HTTPCORE-322) SSLIOSession infinite loop after
alert during handshake
[ https://issues.apache.org/jira/browse/HTTPCORE-322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498138#comment-13498138 ]
Paul Donohue commented on HTTPCORE-322:
---------------------------------------
I believe the root of the problem lies in SSLIOSession.isAppInputReady(), which calls:
doHandshake();
decryptData();
In the above case, I believe what happened is:
- Connection was established, then isAppInputReady() was called before the full ClientHello was received
- isAppInputReady() called doHandshake(), which got NEED_UNWRAP and called doUnwrap()
- Since the full ClientHello hadn't been received yet, SSLEngineImpl.readNetRecord() returned Status.BUFFER_UNDERFLOW (which propagated back up and was returned by doUnwrap()), causing doHandshake() to return
- isAppInputReady() called decryptData()
- Somewhere after the underflow check in readNetRecord() and before the "this.inEncrypted.position() > 0" check in decryptData(), we finished receiving the ClientHello message and the CloseNotify Alert
- decryptData() called doUnwrap(), which read the ClientHello and (since it was resuming a session) generated ServerHello, ChangeCipherSpec, and Finished messages, then doUnwrap() returned
- Due to the unprocessed Alert still in the buffer, decryptData() called doUnwrap() again
- doUnwrap() calls SSLEngine.unwrap() calls SSLEngineImpl.readNetRecord() calls SSLEngineImpl.getHSStatus(), which returns NEED_WRAP due to the pending messages that need to be written out, which causes doUnwrap() to return with Status.OK
- decryptData() loops forever calling doUnwrap(), which keeps returning NEED_WRAP
> SSLIOSession infinite loop after alert during handshake
> -------------------------------------------------------
>
> Key: HTTPCORE-322
> URL: https://issues.apache.org/jira/browse/HTTPCORE-322
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore NIO
> Reporter: Paul Donohue
> Priority: Critical
>
> I have an application using httpcore-nio that occasionally gets stuck in an infinite loop in SSLIOSession:
> "I/O dispatcher 1" prio=10 tid=0x00002aaab82da000 nid=0x5448 runnable [0x000000004271c000]
> java.lang.Thread.State: RUNNABLE
> at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:767)
> - locked <0x00000000a4f03420> (a sun.security.ssl.SSLEngineImpl)
> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:719)
> - locked <0x00000000a51faaa0> (a java.lang.Object)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
> at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:228)
> at org.apache.http.nio.reactor.ssl.SSLIOSession.decryptData(SSLIOSession.java:348)
> at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:371)
> - locked <0x00000000a4f03498> (a org.apache.http.nio.reactor.ssl.SSLIOSession)
> at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:118)
> at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:160)
> at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:342)
> at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:320)
> at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:280)
> at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106)
> at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:604)
> at java.lang.Thread.run(Thread.java:636)
> In the above example, I was able to determine that this behavior was caused by a client sending a ClientHello that resumed an established session, immediately followed by a CloseNotify Alert. This sequence only sometimes triggers the infinite loop, so the problem appears to be timing related. I get the feeling that there are other sequences that may trigger this, but I don't have any other concrete examples at the moment.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org