tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Tomcat closes Websocket connection when using a SSL HTTP APR connector (was: RE: Tagging 7.0.46)
Date Sat, 19 Oct 2013 22:31:25 GMT
On 18/10/2013 19:37, Mark Thomas wrote:
> On 18/10/2013 13:54, Mark Thomas wrote:
>> On 18/10/2013 12:48, Mark Thomas wrote:
>>> When it goes wrong, the sequence is:
>>> Read result [1]
>>> Read result [48]
>>> Read result [-20014]
>>> 18-Oct-2013 12:23:25.298 SEVERE [http-apr-8443-exec-1]
>>> websocket.drawboard.DrawboardEndpoint.onError onError:
>>> Unexpected error [20,014] reading data from the
>>> APR/native socket [364,180,784].
>> I've dug in to what could trigger the 20014 error code. I've got as far
>> as ssl_socket_recv() in native\src\sslnetwork.c
>> There appear to be a number of ways that the code could end up returning
>> 20014. The next step is to figure out which it is.
> I've made some progress. I've captured a failure with Wireshark with an
> SSL configuration that Wireshark can decrypt with the server's private
> key (SSLProtocol="SSLv3", SSLCipherSuite="RC4-MD5") and it shows nothing
> unusual until Tomcat initiates the close.
> To progress I need to create a new tcnative with some debug info so I
> guess I'll have to return to trying to get my local build environment
> set up correctly.

No joy getting a Windows build environment created but the error also
occurs on Linux and I do have a working build environment there. The
various errors reported in ssl_socket_recv() are:

SSL_READ returns -1
SSL_get_error returns 5 (SSL_ERROR_SYSCALL)
apr_get_netos_error returns 11 (APR_STATUS_IS_ENOTSOCK)

At this point it looks like the issue is in the tcnative / APR / OpenSSL
integration and I am way out of my depth.

Looking at the source code for APR reads, the InternalAprInputBuffer
uses Socket.recvbb() whereas AprServletInputStream current uses
Socket.recv(). My short-term plan is to switch AprServletInputStream to
Socket.recvbb() for SSL and see if that fixes the problem.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message