Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Developers List" <dev@tomcat.apache.org>
MIME-Version: 1.0
In-Reply-To: <e2ab30de-6971-0a02-25a1-bf966b904584@apache.org>
References: <e2ab30de-6971-0a02-25a1-bf966b904584@apache.org>
From: =?UTF-8?Q?R=C3=A9my_Maucherat?= <remm@apache.org>
Date: Wed, 9 Aug 2017 09:43:51 +0200
Message-ID: <CANwj8ZrCnN+dauE4nWgCvr-bbhJ+DFRyapBiyjpd4MauSKFLrw@mail.gmail.com>
Subject: Re: Server TLS renegotiation issues with tc-native
To: Tomcat Developers List <dev@tomcat.apache.org>
Content-Type: multipart/alternative; boundary="001a114dbdf6bd72f405564d3dfe"

--001a114dbdf6bd72f405564d3dfe
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tue, Aug 8, 2017 at 10:07 PM, Mark Thomas <markt@apache.org> wrote:

> Hi,
>
> The good news is I have managed to unpick the various TLS issues I've
> been struggling with.
>
> The Chrome not selecting the user cert issue looks to be related to how
> many of the fields were complete in the DN. That has been resolved by
> recreating the test keys and certs I have been using.
>
> I was also seeing some ugly stack traces in the console during
> renegotiation. The root cause is the final issue in this mail but the
> stack traces were a sign of some edge cases in the error handling. These
> have been fixed in r1804463.
>
> NIO and NIO2 with JSSE work as expected.
>
> NIO and NIO2 with OpenSSL mostly work as expected. The only glitch is
> that because we don't specify a set of trusted certs, OpenSSL doesn't
> send any CA names to the user agent which in turn opts to display all of
> the available client certs. This is more a usability issue for users
> with lots of certs than a bug. I'll create a Bugzilla entry for this one.
>
> The final issue is the one I have tried, and failed, to solve. The
> renegotiation sequence with APR/native doesn't work as expected. I've
> been debugging may way through the call to SSL.renegotiate(long) and
> this is what happens:
>
> SSL_renegotiate() returns 1 (success)
> SSL_do_handshake() returns 1 (success)
> SSL_is_init_finished() returns 1 (success)
> SSL_peek() returns -1 (failure)
>   At this point the client prompts the user to select a certificate
>   The return code is not currently tested so the code continues
>   (If SSL_get_error() is called here, SSL_ERROR_WANT_READ is returned)
> SSL_is_init_finished() returns 1 (success)
>
> Execution returns to the Java code where no certs are found on the
> connection so a 401 response is sent back to the client.
>
> Shortly afterwards the user selects a certificate, the handshake
> continues and then the connection fails as soon as the handshake complete=
s.
>
> I think the behaviour we are seeing is because the connection is in
> non-blocking mode. I have tried various ways to handle this without
> success.
>
> Help with a solution very much appreciated.
>
> I think it would need the exact same algorithm as in OpenSSLEngine then
(which is a bit complex ...). renegociate actually does nothing, in
particular the SSL state remains as if the handshake was complete (as you
can see with the SSL isininit call). Actually, it needs to wrap/unwrap a
few times before it's actually done. To detect that the rehandshake is
done, you can either use the callback or hack using a statistics
(OpenSSLEngine calls  SSL.getHandshakeCount to see if a handshake was done
after IO operations). So that would probably be a significant amount of
native code changes.

IMO it's not really worth adding to APR, shouldn't we tell people to use
JSSE/OpenSSL instead now ?

R=C3=A9my

--001a114dbdf6bd72f405564d3dfe--