hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCORE-319) SSLIOSession goes into a loop if the server rejects an invalid certificate
Date Sat, 08 Dec 2012 13:33:21 GMT

    [ https://issues.apache.org/jira/browse/HTTPCORE-319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13527139#comment-13527139
] 

Oleg Kalnichevski commented on HTTPCORE-319:
--------------------------------------------

Hi Scott

I think it is pretty clear as to what is causing the loop. What I am still unsure about is
to how terminate it correctly without losing ability to gracefully terminate half-closed SSL
connections. One thing makes no sense to me is why we are not seeing any 'produce output'
events firing even though the session clearly has write interest and readiness flags set.

Oleg
                
> SSLIOSession goes into a loop if the server rejects an invalid certificate
> --------------------------------------------------------------------------
>
>                 Key: HTTPCORE-319
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-319
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore NIO
>    Affects Versions: 4.2.2
>            Reporter: Scott Stanton
>            Assignee: Oleg Kalnichevski
>            Priority: Critical
>             Fix For: 4.3-alpha2
>
>         Attachments: bug.log, log
>
>
> To reproduce:
> * Set up an SSL server that requests certificates from the client.
> * Set up a client with an expired SSL certificate.
> * Establish a connection from the client to the server using BaseNIOReactor and SSLIOSession.
> The server will proceed through the handshake until the client supplies its certificate
in response to the CertificateRequest message.  At this point, the server's certificate verification
will fail and it will close the connection. 
> The client socket will become readable due to the EOF and the SSLIOSession.isAppInputReady()
method is called to handle the EOF.  The bytesRead gets set to -1, which sets this.endOfStream
= true.  Nothing ever sets the session into the CLOSING or CLOSED state, so it keeps looping
on the readable EOF event.
> I'm not sure what the best approach to fixing this should be.  It appears that if I close
the session manually with the debugger from inside isAppInputReady, the system proceeds normally
from that point, however I don't know what the implications of doing that might be.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message