From: "tsunoda norihiko (JIRA)"
To: axis-c-dev@ws.apache.org
Date: Tue, 16 Oct 2007 03:38:50 -0700 (PDT)
Subject: [jira] Created: (AXIS2C-728) SSL client authenticate failed

SSL client authenticate failed
------------------------------

                 Key: AXIS2C-728
                 URL: https://issues.apache.org/jira/browse/AXIS2C-728
             Project: Axis2-C
          Issue Type: Bug
          Components: core/transport
    Affects Versions: 1.1.0
         Environment: OS: RedHat Linux v5
            Reporter: tsunoda norihiko
             Fix For: 1.1.0

I
made a client program to perform SSL client authentication/server authentication using Axis2/C.
In the environment with server authentication only, the program worked normally.
But I cannot receive the response message in the client authentication environment, and I detected error code 82 - "Input stream is NULL in msg_ctx".
When I checked the server side, the SSL handshake and message transmission to the client worked normally.

I found that an error occurred in axis2_ssl_stream_read() when I debugged the client program.

${axis2c_src}/src/core/transport/http/sender/ssl/ssl_stream.c
>>>
146 int AXIS2_CALL
147 axis2_ssl_stream_read(
148     axutil_stream_t *stream,
149     const axutil_env_t *env,
150     void *buffer,
151     size_t count
152 )
153 {
154     ssl_stream_impl_t *stream_impl = NULL;
155     int read = -1;
156     int len = -1;
157
158     AXIS2_ENV_CHECK(env, AXIS2_CRITICAL_FAILURE);
159
160     stream_impl = AXIS2_INTF_TO_IMPL(stream);
161
162     read = SSL_read(stream_impl->ssl , buffer, count);
163     switch (SSL_get_error(stream_impl->ssl , read))
164     {
165         case SSL_ERROR_NONE:
166             len = read;
167             break;
168         case SSL_ERROR_ZERO_RETURN:
169             len = -1;
170             break;
171         case SSL_ERROR_SYSCALL:
172             AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
173                             "SSL Error: Premature close");
174             len = -1;
175             break;
176         default:
177             len = -1;
178             break;
179     }
180     return len;
181 }
<<<

At the default case in the switch on line 176, the value of len should not be "-1".
SSL_get_error() returns SSL_ERROR_WANT_READ.

The specifications of SSL_read() seem to be as follows.
>>>
In this case a call to SSL_get_error(3) with the return value of SSL_read() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. As at any time a re-negotiation is possible, a call to SSL_read() can also cause write operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_read().
<<<
(http://www.openssl.org/docs/ssl/SSL_read.html#NOTES)

I could get a response message when I debugged as follows.
${axis2c_src}/src/core/transport/http/sender/http_client.c
>>>
  413     /* read the status line */
  414     do
  415     {
  416         memset(str_status_line, 0, 512);
  417         while ((read = axutil_stream_read(client->data_stream, env, tmp_buf,
  418                 1)) > 0)
  419         {
  420             tmp_buf[read] = '\0';
  421             strcat(str_status_line, tmp_buf);
  422             if (0 != strstr(str_status_line, AXIS2_HTTP_CRLF))
  423             {
  424                 end_of_line = AXIS2_TRUE;
  425                 break;
  426             }
  427         }
+ 428 /* debug */
+ 429 #if 0
  430         if (read < 0)
  431         {
  432             AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[axis2c] http client , response timed out" );
  433             AXIS2_ERROR_SET(env->error,
  434                     AXIS2_ERROR_RESPONSE_TIMED_OUT,
  435                     AXIS2_FAILURE);
  436             return -1;
  437         }
  438         else if (read == 0)
+ 439 #endif
+ 440         if(read == 0)
  441         {
  442             AXIS2_ERROR_SET(env->error,
  443                     AXIS2_ERROR_RESPONSE_SERVER_SHUTDOWN,
  444                     AXIS2_FAILURE);
  445             AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Response error, Server Shutdown");
  446             return 0;
  447         }
<<<

However, this is my temporary modification.
What kind of method will be appropriate?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
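
Review bot: the `#if 0` added at line 429 disables the `read < 0` check for every negative return, not only for the SSL_ERROR_WANT_READ case described in the report, so the -1 that axis2_ssl_stream_read() returns for SSL_ERROR_SYSCALL or SSL_ERROR_ZERO_RETURN no longer sets AXIS2_ERROR_RESPONSE_TIMED_OUT or returns -1 at this point. Consider keeping lines 430-437 unchanged and handling SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE inside axis2_ssl_stream_read() instead, by repeating the SSL_read() call as the quoted OpenSSL note requires, so that http_client.c only ever sees a negative value for a real failure or timeout.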
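
The retry behaviour that the quoted SSL_read() note calls for, as an added example that is not part of the original report or of the Axis2/C sources. It links no OpenSSL: `sim_conn`, `sim_read`, `stream_read_retry`, `demo` and the `TLS_*` codes are hypothetical stand-ins for the connection, SSL_read(), the read wrapper and the SSL_get_error() results, and returning 0 on a clean close is a choice of this example.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for the SSL_get_error() results named in the report. */
enum tls_err { TLS_NONE, TLS_WANT_READ, TLS_WANT_WRITE, TLS_ZERO_RETURN, TLS_SYSCALL };

/* Constructed test double: first `pending` reads report `pending_err`, then `data`. */
typedef struct {
    int pending;
    enum tls_err pending_err, last;   /* last = what SSL_get_error() would say */
    const char *data;
} sim_conn;

static int sim_read(sim_conn *c, void *buf, size_t n)    /* plays SSL_read() */
{
    size_t len = strlen(c->data);
    if (c->pending > 0) { c->pending--; c->last = c->pending_err; return -1; }
    if (len == 0) { c->last = TLS_ZERO_RETURN; return 0; }   /* peer closed */
    if (len > n) len = n;
    memcpy(buf, c->data, len);
    c->data += len;
    c->last = TLS_NONE;
    return (int)len;
}

/* Returns >0 bytes read, 0 on a clean TLS close, -1 on a fatal error or when
 * max_retries is exhausted (the caller's timeout case). */
int stream_read_retry(sim_conn *c, void *buf, size_t n, int max_retries)
{
    for (int attempt = 0; attempt <= max_retries; attempt++) {
        int ret = sim_read(c, buf, n);
        switch (c->last) {
        case TLS_NONE:         return ret;
        case TLS_ZERO_RETURN:  return 0;
        case TLS_WANT_READ:    /* TLS records still in flight, e.g. during a */
        case TLS_WANT_WRITE:   /* handshake: not an error, repeat the call   */
            break;             /* real code waits on the socket first        */
        default:               return -1;    /* TLS_SYSCALL and the rest */
        }
    }
    return -1;
}

/* Runs one read against a constructed scenario and returns its result. */
int demo(int pending, enum tls_err err, const char *data, int max_retries)
{
    char buf[16];
    sim_conn c = { pending, err, TLS_NONE, data };
    return stream_read_retry(&c, buf, sizeof buf, max_retries);
}
```

With this split, the caller's existing `read < 0` branch stays meaningful: it fires only for a fatal error or an exhausted retry budget, never for a pending handshake.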