[
https://issues.apache.org/jira/browse/AXIS2C-728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537749
]
Dumindu Pallewela commented on AXIS2C-728:
------------------------------------------
I couldn't look into this in detail, but going through the description, I
sense that this is potentially a bug (last time I tested, it worked!). Could you
please provide some more details on how this bug can be reproduced? Were you
using Apache2 as your server? And the rest of the configuration? (mod_ssl,
openssl, etc. versions)
> SSL client authenticate failed
> ------------------------------
>
> Key: AXIS2C-728
> URL: https://issues.apache.org/jira/browse/AXIS2C-728
> Project: Axis2-C
> Issue Type: Bug
> Components: core/transport
> Affects Versions: 1.1.0
> Environment: OS: Red Hat Linux v5
> Reporter: tsunoda norihiko
> Fix For: 1.1.0
>
>
> I made a client program to perform SSL client authentication/server
> authentication using Axis2/C.
> In the environment with server authentication only, the program worked
> normally.
> But I cannot receive the response message in the client authentication
> environment, and I detected error code 82 - "Input stream is NULL in msg_ctx".
> When I checked the server side, the SSL handshake and message transmission
> to the client worked normally.
> I found that an error occurred in axis2_ssl_stream_read() when I debugged the
> client program.
> ${axis2c_src}/src/core/transport/http/sender/ssl/ssl_stream.c
> >>>
> 146 int AXIS2_CALL
> 147 axis2_ssl_stream_read(
> 148 axutil_stream_t *stream,
> 149 const axutil_env_t *env,
> 150 void *buffer,
> 151 size_t count
> 152 )
> 153 {
> 154 ssl_stream_impl_t *stream_impl = NULL;
> 155 int read = -1;
> 156 int len = -1;
> 157
> 158 AXIS2_ENV_CHECK(env, AXIS2_CRITICAL_FAILURE);
> 159
> 160 stream_impl = AXIS2_INTF_TO_IMPL(stream);
> 161
> 162 read = SSL_read(stream_impl->ssl , buffer, count);
> 163 switch (SSL_get_error(stream_impl->ssl , read))
> 164 {
> 165 case SSL_ERROR_NONE:
> 166 len = read;
> 167 break;
> 168 case SSL_ERROR_ZERO_RETURN:
> 169 len = -1;
> 170 break;
> 171 case SSL_ERROR_SYSCALL:
> 172 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
> 173 "SSL Error: Premature close");
> 174 len = -1;
> 175 break;
> 176 default:
> 177 len = -1;
> 178 break;
> 179 }
> 180 return len;
> 181 }
> <<<
> At the default case in the switch on line 176, the value of len should not be
> "-1".
> SSL_get_error() returns SSL_ERROR_WANT_READ.
> The specification of SSL_read() seems to be as follows.
> >>>
> In this case a call to SSL_get_error(3) with the return value of SSL_read()
> will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
> As at any time a re-negotiation is possible, a call to SSL_read() can also
> cause write operations!
> The calling process then must repeat the call after taking appropriate action
> to satisfy the needs of SSL_read().
> <<<
> (http://www.openssl.org/docs/ssl/SSL_read.html#NOTES)
> I could get a response message when I debugged as follows.
> ${axis2c_src}/src/core/transport/http/sender/http_client.c
> >>>
> 413 /* read the status line */
> 414 do
> 415 {
> 416 memset(str_status_line, 0, 512);
> 417 while ((read = axutil_stream_read(client->data_stream, env,
> tmp_buf,
> 418 1)) > 0)
> 419 {
> 420 tmp_buf[read] = '\0';
> 421 strcat(str_status_line, tmp_buf);
> 422 if (0 != strstr(str_status_line, AXIS2_HTTP_CRLF))
> 423 {
> 424 end_of_line = AXIS2_TRUE;
> 425 break;
> 426 }
> 427 }
> + 428 /* debug */
> + 429 #if 0
> 430 if (read < 0)
> 431 {
> 432 AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[axis2c] http
> client , response timed out" );
> 433 AXIS2_ERROR_SET(env->error,
> 434 AXIS2_ERROR_RESPONSE_TIMED_OUT,
> 435 AXIS2_FAILURE);
> 436 return -1;
> 437 }
> 438 else if (read == 0)
> + 439 #endif
> + 440 if(read == 0)
> 441 {
> 442 AXIS2_ERROR_SET(env->error,
> 443 AXIS2_ERROR_RESPONSE_SERVER_SHUTDOWN,
> 444 AXIS2_FAILURE);
> 445 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Response error,
> Server Shutdown");
> 446 return 0;
> 447 }
> <<<
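Review bot: Wrapping the `read < 0` branch in `#if 0` (lines 429-439) drops the error handling for every negative return from axutil_stream_read(), not only the SSL_ERROR_WANT_READ case. The SSL_ERROR_SYSCALL and SSL_ERROR_ZERO_RETURN paths in axis2_ssl_stream_read() also return -1, and with this change they no longer set AXIS2_ERROR_RESPONSE_TIMED_OUT or return from the function. I would leave this check as it was and handle SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE inside axis2_ssl_stream_read() by repeating SSL_read(), as the quoted OpenSSL notes describe, so that -1 still means a real failure to the caller.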
> However, this is my temporary modification.
> What kind of method will be appropriate?
--
This message is automatically generated by JIRA.
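The retry rule from the SSL_read() notes quoted in the issue, as an added example that is not part of the original message and is not Axis2/C code: a read wrapper that repeats the call on WANT_READ/WANT_WRITE and keeps -1 for real failures. The `tls_io` callbacks, `stream_read_retry`, `demo` and the constructed `fake_peer` are hypothetical stand-ins for SSL_read()/SSL_get_error() and a socket wait, so the block runs without OpenSSL.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical names mirroring the SSL_get_error() results quoted above. */
enum tls_err { TLS_NONE, TLS_ZERO_RETURN, TLS_WANT_READ, TLS_WANT_WRITE, TLS_SYSCALL };
/* try_read stands in for SSL_read() + SSL_get_error(); wait_io stands in for
   select()/poll() on the socket with a timeout (1 = ready, 0 = timed out). */
struct tls_io {
    int (*try_read)(void *ctx, void *buf, size_t n, enum tls_err *err);
    int (*wait_io)(void *ctx, int want_write);
    void *ctx;
};

/* Returns bytes read (> 0), 0 on clean close (this example's choice), -1 on failure. */
int stream_read_retry(struct tls_io *io, void *buf, size_t n, int max_retries)
{
    for (int attempt = 0; attempt <= max_retries; attempt++) {
        enum tls_err err = TLS_SYSCALL;
        int got = io->try_read(io->ctx, buf, n, &err);
        if (err == TLS_NONE) return got;
        if (err == TLS_ZERO_RETURN) return 0;
        if (err != TLS_WANT_READ && err != TLS_WANT_WRITE) return -1; /* fatal */
        /* Not fatal: wait until the socket can make progress, then repeat. */
        if (!io->wait_io(io->ctx, err == TLS_WANT_WRITE)) return -1;
    }
    return -1; /* retry budget exhausted: report it like a timeout */
}

/* Constructed peer: answers WANT_READ `stalls` times, then delivers `data`. */
struct fake_peer { int stalls; const char *data; int ready; };
static int fake_try_read(void *ctx, void *buf, size_t n, enum tls_err *err)
{
    struct fake_peer *p = ctx;
    size_t len = strlen(p->data);
    if (p->stalls > 0) { p->stalls--; *err = TLS_WANT_READ; return -1; }
    if (len == 0) { *err = TLS_ZERO_RETURN; return 0; }
    if (len > n) len = n;
    memcpy(buf, p->data, len);
    *err = TLS_NONE; return (int)len;
}
static int fake_wait_io(void *ctx, int want_write)
{ (void)want_write; return ((struct fake_peer *)ctx)->ready; }

/* Runs one read against the constructed peer and returns the wrapper's result. */
int demo(int stalls, const char *data, int ready, int max_retries)
{
    char buf[64];
    struct fake_peer peer = { stalls, data, ready };
    struct tls_io io = { fake_try_read, fake_wait_io, &peer };
    return stream_read_retry(&io, buf, sizeof buf, max_retries);
}
```

With a wrapper of this shape, a caller's `read < 0` check can stay enabled, because a transient WANT_READ never reaches it as -1.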