SSL client authenticate failed
------------------------------
Key: AXIS2C-728
URL: https://issues.apache.org/jira/browse/AXIS2C-728
Project: Axis2-C
Issue Type: Bug
Components: core/transport
Affects Versions: 1.1.0
Environment: OS: Red Hat Linux v5
Reporter: tsunoda norihiko
Fix For: 1.1.0
I made a client program to perform SSL client authentication/server
authentication using Axis2/C.
In the environment with server authentication only, the program worked
normally.
But I cannot receive the response message in the client authentication
environment, and I detected error code 82 - "Input stream is NULL in msg_ctx".
When I checked the server side, the SSL handshake and message transmission to
the client worked normally.
I found that an error occurred in axis2_ssl_stream_read() when I debugged the
client program.
${axis2c_src}/src/core/transport/http/sender/ssl/ssl_stream.c
>>>
146 int AXIS2_CALL
147 axis2_ssl_stream_read(
148 axutil_stream_t *stream,
149 const axutil_env_t *env,
150 void *buffer,
151 size_t count
152 )
153 {
154 ssl_stream_impl_t *stream_impl = NULL;
155 int read = -1;
156 int len = -1;
157
158 AXIS2_ENV_CHECK(env, AXIS2_CRITICAL_FAILURE);
159
160 stream_impl = AXIS2_INTF_TO_IMPL(stream);
161
162 read = SSL_read(stream_impl->ssl , buffer, count);
163 switch (SSL_get_error(stream_impl->ssl , read))
164 {
165 case SSL_ERROR_NONE:
166 len = read;
167 break;
168 case SSL_ERROR_ZERO_RETURN:
169 len = -1;
170 break;
171 case SSL_ERROR_SYSCALL:
172 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
173 "SSL Error: Premature close");
174 len = -1;
175 break;
176 default:
177 len = -1;
178 break;
179 }
180 return len;
181 }
<<<
In the default case of the switch on line 176, the value of len should not be
"-1".
SSL_get_error() returns SSL_ERROR_WANT_READ.
The specification of SSL_read() seems to be as follows.
>>>
In this case a call to SSL_get_error(3) with the return value of SSL_read()
will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
As at any time a re-negotiation is possible, a call to SSL_read() can also
cause write operations!
The calling process then must repeat the call after taking appropriate action
to satisfy the needs of SSL_read().
<<<
(http://www.openssl.org/docs/ssl/SSL_read.html#NOTES)
I could get a response message when I debugged as follows.
${axis2c_src}/src/core/transport/http/sender/http_client.c
>>>
413 /* read the status line */
414 do
415 {
416 memset(str_status_line, 0, 512);
417 while ((read = axutil_stream_read(client->data_stream, env,
tmp_buf,
418 1)) > 0)
419 {
420 tmp_buf[read] = '\0';
421 strcat(str_status_line, tmp_buf);
422 if (0 != strstr(str_status_line, AXIS2_HTTP_CRLF))
423 {
424 end_of_line = AXIS2_TRUE;
425 break;
426 }
427 }
+ 428 /* debug */
+ 429 #if 0
430 if (read < 0)
431 {
432 AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[axis2c] http
client , response timed out" );
433 AXIS2_ERROR_SET(env->error,
434 AXIS2_ERROR_RESPONSE_TIMED_OUT,
435 AXIS2_FAILURE);
436 return -1;
437 }
438 else if (read == 0)
+ 439 #endif
+ 440 if(read == 0)
441 {
442 AXIS2_ERROR_SET(env->error,
443 AXIS2_ERROR_RESPONSE_SERVER_SHUTDOWN,
444 AXIS2_FAILURE);
445 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Response error,
Server Shutdown");
446 return 0;
447 }
<<<
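Review bot: the #if 0 at line 429 removes the read < 0 check entirely, so a genuine failure from axutil_stream_read() no longer sets AXIS2_ERROR_RESPONSE_TIMED_OUT or returns at this point; axis2_ssl_stream_read() as shown above returns -1 for SSL_ERROR_SYSCALL and SSL_ERROR_ZERO_RETURN as well as for SSL_ERROR_WANT_READ, and the caller cannot tell them apart. Keep the check here and instead handle SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE in the switch of axis2_ssl_stream_read() by repeating the SSL_read() call, as the quoted OpenSSL note requires.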
However, this is my temporary modification.
What kind of method will be appropriate?
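The retry behaviour that the quoted SSL_read() note asks for, as an added example (not Axis2/C code and not the reporter's): the switch from axis2_ssl_stream_read() with SSL_ERROR_WANT_READ/WANT_WRITE repeating the call a bounded number of times instead of falling into the default case. mock_ssl_t, mock_read() and stream_read_retry() are hypothetical names, and the mock stands in for SSL_read()/SSL_get_error() so the logic runs without OpenSSL.

```c
#include <stddef.h>
#include <string.h>

/* Values match OpenSSL's SSL_ERROR_* constants; redefined under hypothetical
 * names (assumption: built without OpenSSL) so the logic runs stand-alone. */
enum { E_NONE = 0, E_WANT_READ = 2, E_WANT_WRITE = 3, E_SYSCALL = 5, E_ZERO_RETURN = 6 };

/* Constructed stand-in for an SSL connection: each read consumes one
 * scripted outcome, e.g. WANT_READ while a renegotiation is in progress. */
typedef struct {
    const int *script;      /* error code produced by each successive call */
    size_t pos, len;
    const char *payload;    /* data delivered once the script yields E_NONE */
    int last_error;         /* what SSL_get_error() would report */
} mock_ssl_t;

/* Hypothetical mock of SSL_read(): returns bytes copied, or -1 on any error. */
static int mock_read(mock_ssl_t *s, void *buf, size_t count)
{
    size_t n = strlen(s->payload);
    s->last_error = (s->pos < s->len) ? s->script[s->pos++] : E_SYSCALL;
    if (s->last_error != E_NONE)
        return -1;
    if (n > count)
        n = count;
    memcpy(buf, s->payload, n);
    return (int)n;
}

/* Same shape as the switch in axis2_ssl_stream_read(), except that
 * WANT_READ/WANT_WRITE repeat the call (bounded) instead of returning -1. */
int stream_read_retry(mock_ssl_t *s, void *buf, size_t count, int max_retries)
{
    int attempts = 0;
    for (;;) {
        int n = mock_read(s, buf, count);
        switch (s->last_error) {
        case E_NONE:
            return n;
        case E_WANT_READ:
        case E_WANT_WRITE:
            if (attempts++ >= max_retries)
                return -1;  /* give up: caller reports a timeout */
            break;          /* real code would wait on the socket here */
        default:            /* ZERO_RETURN, SYSCALL, anything else */
            return -1;
        }
    }
}
```

With max_retries set to 0 the function reproduces the reported behaviour: the first SSL_ERROR_WANT_READ is returned to the caller as -1.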