activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeffrey B (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQCPP-422) When we specify self-signed certificate in PEM-formatted file as value of the "decaf.net.ssl.trustStore" property and SAN that does't match any name in failover URI, cms is crashing on "R6025 Pure Virtual Function Call" run-time error.
Date Wed, 15 Aug 2012 13:54:38 GMT

    [ https://issues.apache.org/jira/browse/AMQCPP-422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13435118#comment-13435118
] 

Jeffrey B commented on AMQCPP-422:
----------------------------------

I am having this or a very similar issue in 3.4.4 running on HPUX 11.31
When I start my client with ssl connector, one of two things happens.

1) It instantly says: 
Server Certificate Name doesn't match the URI Host Name value.
        FILE: decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp, LINE: 708
        FILE: decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp, LINE: 421
        FILE: decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp, LINE: 595
        FILE: decaf/internal/net/ssl/openssl/OpenSSLSocketOutputStream.cpp, LINE: 93
        FILE: decaf/io/OutputStream.cpp, LINE: 93
        FILE: decaf/io/OutputStream.cpp, LINE: 69
        FILE: decaf/io/BufferedOutputStream.cpp, LINE: 110
        FILE: decaf/io/FilterOutputStream.cpp, LINE: 139
        FILE: activemq/transport/IOTransport.cpp, LINE: 132
        FILE: activemq/transport/inactivity/InactivityMonitor.cpp, LINE: 381
        FILE: activemq/transport/inactivity/InactivityMonitor.cpp, LINE: 388
        FILE: activemq/wireformat/openwire/OpenWireFormatNegotiator.cpp, LINE: 233
        FILE: activemq/transport/correlator/ResponseCorrelator.cpp, LINE: 245
        FILE: activemq/core/ActiveMQConnectionFactory.cpp, LINE: 325
Memory fault(coredump)
this causes it to crash and coredump

2)It waits a few seconds and then says:
OpenWireFormatNegotiator::onewayWire format negotiation timeout: peer did not send his wire
format.
        FILE: activemq/wireformat/openwire/OpenWireFormatNegotiator.cpp, LINE: 73
        FILE: activemq/wireformat/openwire/OpenWireFormatNegotiator.cpp, LINE: 82
        FILE: activemq/transport/correlator/ResponseCorrelator.cpp, LINE: 132
        FILE: activemq/core/ActiveMQConnection.cpp, LINE: 916
        FILE: activemq/core/ActiveMQConnection.cpp, LINE: 968
        FILE: activemq/core/ActiveMQConnection.cpp, LINE: 544
Server Certificate Name doesn't match the URI Host Name value.
        FILE: decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp, LINE: 708
        FILE: decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp, LINE: 421
        FILE: decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp, LINE: 524
        FILE: decaf/internal/net/ssl/openssl/OpenSSLSocketInputStream.cpp, LINE: 106
        FILE: decaf/io/InputStream.cpp, LINE: 140
        FILE: decaf/io/InputStream.cpp, LINE: 74
        FILE: decaf/io/BufferedInputStream.cpp, LINE: 370
        FILE: decaf/io/BufferedInputStream.cpp, LINE: 258
        FILE: decaf/io/InputStream.cpp, LINE: 86
        FILE: decaf/io/DataInputStream.cpp, LINE: 502
        FILE: decaf/io/DataInputStream.cpp, LINE: 130
        FILE: activemq/wireformat/openwire/OpenWireFormat.cpp, LINE: 265
        FILE: activemq/transport/IOTransport.cpp, LINE: 258
        FILE: activemq/core/ActiveMQConnection.cpp, LINE: 299
This doesnt cause a crash, but it still fails.

I am able to use ssl easily and properly in a java client.  And my CPP client works well with
regular tcp, 
I have my keystore set up with decaf::lang::System::setProperty to a pem file containing my
public and private keys and the password, 
And then truststore set up to the self signed cert in ASCII .pem format of my broker and the
password.

I may be doing something wrong with my certificates, but I've been working on this for a few
days and cant get it working at all.
                
> When we specify self-signed certificate in PEM-formatted file as value of the "decaf.net.ssl.trustStore"
property and SAN that does't match any name in  failover URI, cms is crashing on "R6025 Pure
Virtual Function Call" run-time error.
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQCPP-422
>                 URL: https://issues.apache.org/jira/browse/AMQCPP-422
>             Project: ActiveMQ C++ Client
>          Issue Type: Bug
>          Components: CMS Impl, Decaf
>    Affects Versions: 3.4.0, 3.4.2
>         Environment: Broker: 5.6.0,
> CMS 3.4.2
> Windows
>            Reporter: Mikhail Melamud
>            Assignee: Timothy Bish
>         Attachments: AMQTest.cpp, brokerkeystore.pem
>
>
> When we specify self-signed certificate in PEM-formatted file as value of the "decaf.net.ssl.trustStore"
property and SAN that does't match any name in  failover URI, cms is crashing on "R6025 Pure
Virtual Function Call" run-time error. I think, the issue can be attributed to multithreading...
After ??Server Certificate Name doesn't match the URI Host Name value.?? exception is thrown,
CMS is trying to fire an exception using listener pointer that is not instantiated properly
in _void TransportFilter::fire( const decaf::lang::Exception& ex )_  method...  It is
not happening all the time, so a simple unit test won't do...  I'm attaching a bit re-factored
_HelloWorldProducer_ app and the certificate file that I used... There is possibility that
it has something to with InactivityMonitor injected into transport filter chain... When I
tried {color:blue}"failover://(ssl://dev1467:61618?transport.useInactivityMonitor=false){color}
instead of {color:blue}"failover://(ssl://dev1467:61618)"{color} it behaves much more stable,
i.e. client app can be re-run many more times without a crash, still crashing though in OpenFormatNegotiator

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

Mime
View raw message