Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8EB55DAAD for ; Wed, 28 Nov 2012 10:37:01 +0000 (UTC) Received: (qmail 59852 invoked by uid 500); 28 Nov 2012 10:37:01 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 59615 invoked by uid 500); 28 Nov 2012 10:37:00 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 59176 invoked by uid 99); 28 Nov 2012 10:36:58 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Nov 2012 10:36:58 +0000 Date: Wed, 28 Nov 2012 10:36:58 +0000 (UTC) From: "Oleg Kalnichevski (JIRA)" To: dev@hc.apache.org Message-ID: <1796726298.31985.1354099018317.JavaMail.jiratomcat@arcas> In-Reply-To: <105207383.47993.1350339423661.JavaMail.jiratomcat@arcas> Subject: [jira] [Commented] (HTTPCORE-319) SSLIOSession goes into a loop if the server rejects an invalid certificate MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HTTPCORE-319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13505352#comment-13505352 ] Oleg Kalnichevski commented on HTTPCORE-319: -------------------------------------------- Scott, Could you please re-test your application with 4.2.3 to be sure the problem is reproducible with the official release of HttpCore (just in case something might have gone wrong when the patch had been applied). 4.2.3 should be available in the Maven central and its mirrors by now. Oleg > SSLIOSession goes into a loop if the server rejects an invalid certificate > -------------------------------------------------------------------------- > > Key: HTTPCORE-319 > URL: https://issues.apache.org/jira/browse/HTTPCORE-319 > Project: HttpComponents HttpCore > Issue Type: Bug > Components: HttpCore NIO > Affects Versions: 4.2.2 > Reporter: Scott Stanton > Priority: Critical > Fix For: 4.2.3 > > > To reproduce: > * Set up an SSL server that requests certificates from the client. > * Set up a client with an expired SSL certificate. > * Establish a connection from the client to the server using BaseNIOReactor and SSLIOSession. > The server will proceed through the handshake until the client supplies its certificate in response to the CertificateRequest message. At this point, the server's certificate verification will fail and it will close the connection. > The client socket will become readable due to the EOF and the SSLIOSession.isAppInputReady() method is called to handle the EOF. The bytesRead gets set to -1, which sets this.endOfStream = true. Nothing ever sets the session into the CLOSING or CLOSED state, so it keeps looping on the readable EOF event. > I'm not sure what the best approach to fixing this should be. It appears that if I close the session manually with the debugger from inside isAppInputReady, the system proceeds normally from that point, however I don't know what the implications of doing that might be. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org