Posted to dev@hc.apache.org by "Scott Stanton (JIRA)" <ji...@apache.org> on 2012/12/07 23:23:21 UTC

[jira] [Comment Edited] (HTTPCORE-319) SSLIOSession goes into a loop if the server rejects an invalid certificate

    [ https://issues.apache.org/jira/browse/HTTPCORE-319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13526605#comment-13526605 ] 

Scott Stanton edited comment on HTTPCORE-319 at 12/7/12 10:22 PM:
------------------------------------------------------------------

Unfortunately we're still seeing the busy loop.  I've attached the log that I have from this failure.  The sequence appears to be similar to last time in that the socket is closed while there is pending data in the write buffer.  The SSL engine handshaker is reporting that need_unwrap is true on the socket.
                
      was (Author: stanton):
    Unfortunately we're still seeing the busy loop.  I've attached the log that I have from this failure.  Interestingly, this time it appears to be after the handshake is done.  I'll try to get more details, but it took us 3 days to see this failure.
                  
> SSLIOSession goes into a loop if the server rejects an invalid certificate
> --------------------------------------------------------------------------
>
>                 Key: HTTPCORE-319
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-319
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore NIO
>    Affects Versions: 4.2.2
>            Reporter: Scott Stanton
>            Assignee: Oleg Kalnichevski
>            Priority: Critical
>             Fix For: 4.3-alpha2
>
>         Attachments: bug.log, log
>
>
> To reproduce:
> * Set up an SSL server that requests certificates from the client.
> * Set up a client with an expired SSL certificate.
> * Establish a connection from the client to the server using BaseNIOReactor and SSLIOSession.
> The server will proceed through the handshake until the client supplies its certificate in response to the CertificateRequest message.  At this point, the server's certificate verification will fail and it will close the connection. 
> The client socket will become readable due to the EOF and the SSLIOSession.isAppInputReady() method is called to handle the EOF.  The bytesRead gets set to -1, which sets this.endOfStream = true.  Nothing ever sets the session into the CLOSING or CLOSED state, so it keeps looping on the readable EOF event.
> I'm not sure what the best approach to fixing this should be.  It appears that if I close the session manually with the debugger from inside isAppInputReady, the system proceeds normally from that point; however, I don't know what the implications of doing that might be.

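Added example, not part of the original message and not HttpCore code: a plain java.nio sketch of the failure mode the issue describes, where a selector keeps reporting a socket as readable after the peer closes it unless the EOF handler cancels the key and closes the channel. The class name EofSpinDemo, the closeOnEof switch and the maxEvents cap are hypothetical; the immediate server-side close stands in for the server rejecting the client certificate, and closing on EOF illustrates the reporter's debugger observation rather than the project's actual fix.

```java
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.*;

public class EofSpinDemo {
    // Returns how many times the selector reported the client socket as
    // readable before the loop ended (capped at maxEvents as a safety stop).
    static int run(boolean closeOnEof, int maxEvents) throws Exception {
        try (ServerSocketChannel server = ServerSocketChannel.open();
             Selector selector = Selector.open()) {
            server.bind(new InetSocketAddress("127.0.0.1", 0));
            SocketChannel client = SocketChannel.open(server.getLocalAddress());
            server.accept().close();   // peer drops the connection right away
            client.configureBlocking(false);
            client.register(selector, SelectionKey.OP_READ);

            ByteBuffer buf = ByteBuffer.allocate(1024);
            boolean endOfStream = false;   // the flag the issue says gets set
            int events = 0;
            while (client.isOpen() && events < maxEvents) {
                if (selector.select(1000) == 0) break;   // nothing ready
                for (SelectionKey key : selector.selectedKeys()) {
                    events++;
                    buf.clear();
                    if (client.read(buf) == -1) {
                        endOfStream = true;
                        // Without this transition the key stays registered
                        // and EOF is reported again on every select().
                        if (closeOnEof) { key.cancel(); client.close(); }
                    }
                }
                selector.selectedKeys().clear();
            }
            client.close();   // no-op if already closed
            return events;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("EOF ignored:  " + run(false, 10_000) + " readable events");
        System.out.println("close on EOF: " + run(true, 10_000) + " readable events");
    }
}
```

With the EOF ignored, the loop only stops because of the cap; a readable-event count that climbs without any bytes being read is the signature of this busy loop in reactor logs or CPU profiles.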