qpid-dev mailing list archives

From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Created] (QPID-6981) SSLSender does not send the close_notify bytes during client initiated connection close
Date Sat, 09 Jan 2016 17:09:39 GMT
Keith Wall created QPID-6981:
--------------------------------

             Summary: SSLSender does not send the close_notify bytes during client initiated connection close
                 Key: QPID-6981
                 URL: https://issues.apache.org/jira/browse/QPID-6981
             Project: Qpid
          Issue Type: Bug
          Components: Java Client, Java Common
    Affects Versions: qpid-java-6.0
            Reporter: Keith Wall


If I close a connection using TLS from the client side, the socket is successfully closed,
but the SSL close_notify bytes are never sent over the wire.  The Java Broker logs a stack
trace to report this.

The client side problem is in {{SSLSender#tearDownSSLConnection}}.  

The following is the log of {{SSLTest.testCreateSSLConnectionUsingConnectionURLParams}}, augmented
with extra trace in tearDownSSLConnection/IoSender.

{noformat}
2016-01-09 17:01:01,047         DEBUG [IoRcvr-/127.0.0.1:51231-localhost/127.0.0.1:51229] o.a.q.t.Connection RECV: [conn:618c5d94] ch=0 ConnectionCloseOk()
2016-01-09 17:01:01,048         DEBUG [IoRcvr-/127.0.0.1:51231-localhost/127.0.0.1:51229] o.a.q.t.n.s.s.SSLSender Closing SSL connection
2016-01-09 17:01:01,048         DEBUG [IoRcvr-/127.0.0.1:51231-localhost/127.0.0.1:51229] o.a.q.t.n.s.s.SSLSender SSLEngine result Status = BUFFER_OVERFLOW HandshakeStatus = NEED_WRAP bytesConsumed = 0 bytesProduced = 0 (tearDownSSLConnection initial wrap)
2016-01-09 17:01:01,048         DEBUG [IO-/127.0.0.1:51231] o.a.q.s.t.MultiVersionProtocolEngine Closed
2016-01-09 17:01:01,048         DEBUG [IoRcvr-/127.0.0.1:51231-localhost/127.0.0.1:51229] o.a.q.t.n.s.s.SSLSender SSLEngine result Status = CLOSED HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 85 (tearDownSSLConnection loop wrap)
##  These 85 bytes never go down the wire
2016-01-09 17:01:01,048         DEBUG [IoRcvr-/127.0.0.1:51231-localhost/127.0.0.1:51229] o.a.q.t.Connection connection closed: conn:618c5d94
{noformat}

The Java Broker logs a stack trace at debug complaining that it never received the close_notify.
 It otherwise ignores the condition.

{noformat}
2016-01-09 17:01:01,055         DEBUG [IO-/127.0.0.1:51231] o.a.q.s.t.NonBlockingConnectionTLSDelegate Exception when closing SSLEngine
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.8.0_45]
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666) ~[na:1.8.0_45]
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634) ~[na:1.8.0_45]
        at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561) ~[na:1.8.0_45]
        at org.apache.qpid.server.transport.NonBlockingConnectionTLSDelegate.shutdownOutput(NonBlockingConnectionTLSDelegate.java:364) ~[qpid-broker-core-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
        at org.apache.qpid.server.transport.NonBlockingConnection.shutdownOutput(NonBlockingConnection.java:409) [qpid-broker-core-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
        at org.apache.qpid.server.transport.NonBlockingConnection.shutdown(NonBlockingConnection.java:360) [qpid-broker-core-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
        at org.apache.qpid.server.transport.NonBlockingConnection.doWork(NonBlockingConnection.java:299) [qpid-broker-core-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
        at org.apache.qpid.server.transport.NetworkConnectionScheduler.processConnection(NetworkConnectionScheduler.java:108) [qpid-broker-core-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
        at org.apache.qpid.server.transport.SelectorThread$ConnectionProcessor.processConnection(SelectorThread.java:502) [qpid-broker-core-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
        at org.apache.qpid.server.transport.SelectorThread$SelectionTask.performSelect(SelectorThread.java:340) [qpid-broker-core-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
        at org.apache.qpid.server.transport.SelectorThread$SelectionTask.run(SelectorThread.java:86) [qpid-broker-core-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
        at org.apache.qpid.server.transport.SelectorThread.run(SelectorThread.java:460) [qpid-broker-core-6.1.0-SNAPSHOT.jar:6.1.0-SNAPSHOT]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_45]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_45]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
{noformat}








--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org
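
The teardown sequence seen in the client log above (BUFFER_OVERFLOW on the first wrap, then CLOSED with bytes produced), as an added example that is not part of the original report and is not Qpid's code or its fix. The class `CloseNotifyExample` and the method `sendCloseNotify` are hypothetical names; the sketch assumes a blocking channel, and the in-memory stream in `main` stands in for the socket.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.Channels;
import java.nio.channels.WritableByteChannel;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.Status;

public class CloseNotifyExample {
    private static final ByteBuffer EMPTY = ByteBuffer.allocate(0);

    /** Closes the outbound side and writes every byte wrap() produces; returns bytes written. */
    static int sendCloseNotify(SSLEngine engine, WritableByteChannel out) throws IOException {
        // Deliberately undersized so the first wrap() can report BUFFER_OVERFLOW, as in the log.
        ByteBuffer net = ByteBuffer.allocate(1);
        int written = 0;
        engine.closeOutbound();
        while (!engine.isOutboundDone()) {
            SSLEngineResult result = engine.wrap(EMPTY, net);
            if (result.getStatus() == Status.BUFFER_OVERFLOW) {
                // Nothing was produced; retry with the packet size the session reports.
                int needed = engine.getSession().getPacketBufferSize();
                if (net.capacity() >= needed) {
                    throw new IOException("wrap() overflowed a full-size buffer");
                }
                net = ByteBuffer.allocate(needed);
                continue;
            }
            // OK or CLOSED: the produced bytes are the alert record and must reach the wire
            // before the socket is closed, otherwise the peer sees a truncated stream.
            net.flip();
            while (net.hasRemaining()) {
                written += out.write(net); // assumes a blocking channel
            }
            net.clear();
            if (result.bytesProduced() == 0) {
                break; // no progress possible; avoid spinning
            }
        }
        return written;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true); // no handshake here, so the alert size differs from the log
        ByteArrayOutputStream wire = new ByteArrayOutputStream(); // constructed stand-in for the socket
        int n = sendCloseNotify(engine, Channels.newChannel(wire));
        System.out.println("bytes written: " + n + ", outbound done: " + engine.isOutboundDone());
    }
}
```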

