hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCORE-319) SSLIOSession goes into a loop if the server rejects an invalid certificate
Date Fri, 30 Nov 2012 23:13:58 GMT

    [ https://issues.apache.org/jira/browse/HTTPCORE-319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13507741#comment-13507741
] 

Oleg Kalnichevski commented on HTTPCORE-319:
--------------------------------------------

Hi Scott
I believe I have found and (hopefully) fixed the problem. It turned out to be quite tricky.
Several rare conditions have to coincide in order to leave the affected SSL connection effectively
locked in the CLOSING state being both unable to decrypt incoming data and flush output data
and close itself gracefully. So, for the problem to occur the underlying connection has to
be abnormally terminated by the opposite end in the middle of a request execution. There has
to be a partial or corrupt incoming message stuck in the SSL input buffer which cannot be
decrypted without more data (leaving the SSL engine permanently stuck in the UNWRAP state).
There has to be some data still stuck in the session output buffer (POST request body in your
code) which needs to be flushed in order to close the connection gracefully. The bug causes
the SSL I/O session to incorrectly set the i/o event interest mask (output interest does not
get activated while the SSL engine is in the UNWRAP state).

There are different ways of approaching the problem. I committed a rather non-intrusive fix
which I believe should fix the problem but I would need your confirmation that this is indeed
the case. I also added more SSL session details that get printed to the log and a few defensive
checks.  Could you please get the latest code from the 4.2.x branch (with this fix [1]) and
try it out in your environment? If the problem still persists, please attach a complete wire
log of the session to this ticket. I would have to try something more invasive.

Oleg

[1] http://svn.apache.org/viewvc?view=revision&revision=1415878
                
> SSLIOSession goes into a loop if the server rejects an invalid certificate
> --------------------------------------------------------------------------
>
>                 Key: HTTPCORE-319
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-319
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore NIO
>    Affects Versions: 4.2.2
>            Reporter: Scott Stanton
>            Assignee: Oleg Kalnichevski
>            Priority: Critical
>             Fix For: 4.2.3
>
>         Attachments: log
>
>
> To reproduce:
> * Set up an SSL server that requests certificates from the client.
> * Set up a client with an expired SSL certificate.
> * Establish a connection from the client to the server using BaseNIOReactor and SSLIOSession.
> The server will proceed through the handshake until the client supplies its certificate
in response to the CertificateRequest message.  At this point, the server's certificate verification
will fail and it will close the connection. 
> The client socket will become readable due to the EOF and the SSLIOSession.isAppInputReady()
method is called to handle the EOF.  The bytesRead gets set to -1, which sets this.endOfStream
= true.  Nothing ever sets the session into the CLOSING or CLOSED state, so it keeps looping
on the readable EOF event.
> I'm not sure what the best approach to fixing this should be.  It appears that if I close
the session manually with the debugger from inside isAppInputReady, the system proceeds normally
from that point, however I don't know what the implications of doing that might be.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message