This is an automated email from the ASF dual-hosted git repository. haonan pushed a commit to branch fix_sslclient_to_nonsslserver_stuck in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit 6a914e7a6fde42f7ada4c9a014f6b28ae5e492cd Author: HTHou <[email protected]> AuthorDate: Sun Sep 28 11:18:39 2025 +0800 Throw exception when client with ssl try to connect with server without ssl --- example/jdbc/pom.xml | 8 +++++ .../apache/iotdb/rpc/TElasticFramedTransport.java | 17 +++++++++- .../iotdb/rpc/TElasticFramedTransportTest.java | 37 ++++++++++++++++++++++ 3 files changed, 61 insertions(+), 1 deletion(-) diff --git a/example/jdbc/pom.xml b/example/jdbc/pom.xml index 54899831be4..83f397d63ef 100644 --- a/example/jdbc/pom.xml +++ b/example/jdbc/pom.xml @@ -39,5 +39,13 @@ <artifactId>iotdb-jdbc</artifactId> <version>${project.version}</version> </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + </dependency> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </dependency> </dependencies> </project> diff --git a/iotdb-client/service-rpc/src/main/java/org/apache/iotdb/rpc/TElasticFramedTransport.java b/iotdb-client/service-rpc/src/main/java/org/apache/iotdb/rpc/TElasticFramedTransport.java index 5cc626fff2f..05a6a83117d 100644 --- a/iotdb-client/service-rpc/src/main/java/org/apache/iotdb/rpc/TElasticFramedTransport.java +++ b/iotdb-client/service-rpc/src/main/java/org/apache/iotdb/rpc/TElasticFramedTransport.java @@ -149,13 +149,28 @@ public class TElasticFramedTransport extends TTransport { TTransportException.CORRUPTED_DATA, "Singular frame size (" + size - + ") detected, you may be sending HTTP GET/POST requests to the Thrift-RPC port, please confirm that you are using the right port"); + + ") detected, you may be sending HTTP GET/POST requests to the Thrift-RPC port, " + + "please confirm that you are using the right port"); } else { throw new TTransportException( TTransportException.CORRUPTED_DATA, "Frame size (" + size + ") larger than protect max size (" + thriftMaxFrameSize + ")!"); } } + + int high24 = size >>> 8; + if (high24 >= 0x160300 && high24 <= 0x160303 && (i32buf[3] & 0xFF) <= 0x02) { + // The typical TLS ClientHello requests start with 0x160300 ~ 0x160303 + // The 4th byte is typically in [0x00, 0x01, 0x02]. + close(); + throw new TTransportException( + TTransportException.CORRUPTED_DATA, + "Singular frame size (" + + size + + ") detected, you may be sending TLS ClientHello requests to the Non-SSL Thrift-RPC" + + " port, please confirm that you are using the right configuration"); + } + readBuffer.fill(underlying, size); } diff --git a/iotdb-client/service-rpc/src/test/java/org/apache/iotdb/rpc/TElasticFramedTransportTest.java b/iotdb-client/service-rpc/src/test/java/org/apache/iotdb/rpc/TElasticFramedTransportTest.java index 086dc338250..d9e99ec8232 100644 --- a/iotdb-client/service-rpc/src/test/java/org/apache/iotdb/rpc/TElasticFramedTransportTest.java +++ b/iotdb-client/service-rpc/src/test/java/org/apache/iotdb/rpc/TElasticFramedTransportTest.java @@ -67,5 +67,42 @@ public class TElasticFramedTransportTest { "Singular frame size (1347375956) detected, you may be sending HTTP GET/POST requests to the Thrift-RPC port, please confirm that you are using the right port", e.getMessage()); } + + try { + TElasticFramedTransport transport = + new TElasticFramedTransport( + new TByteBuffer(ByteBuffer.wrap(getTypicalTLSClientHelloByteArray())), + 128 * 1024 * 1024, + 512 * 1024 * 1024, + false); + transport.open(); + transport.read(ByteBuffer.allocate(4096)); + fail("Exception expected"); + } catch (TTransportException e) { + assertEquals( + "Singular frame size (369296129) detected, you may be sending TLS ClientHello requests to the Non-SSL Thrift-RPC port, please confirm that you are using the right configuration", + e.getMessage()); + } + } + + private static byte[] getTypicalTLSClientHelloByteArray() { + String clientHelloHex = + "16030301B3010001AF0303CEC349A4962AFCE0390D4E33D24050D1BF6B1CA63B190A25" + + "BCFB83D87A3E352C20187B978A0EB2F554EC0E41A4CA34B850B2CE472EAB7B3F58443DE7CDBE901412004A13" + + "0213011303C02CC02BCCA9C030CCA8C02F009FCCAA00A3009E00A2C024C028C023C027006B006A00670040C0" + + "0AC014C009C0130039003800330032009D009C003D003C0035002F00FF0100011C000500050100000000000A" + + "00160014001D001700180019001E01000101010201030104000B000201000011000900070200040000000000" + + "17000000230000000D002C002A040305030603080708080804080508060809080A080B040105010601040203" + + "0303010302020302010202002B00050403040303002D000201010032002C002A040305030603080708080804" + + "080508060809080A080B04010501060104020303030103020203020102020033006B0069001D002097B98B24" + + "B9A97EB7C913BDB8B363E79C9D47935264B2CF83BF422571FBD41C360017004104FC839279D372DCB60680D2" + + "81B3DC8D3B88F6231A880A3650FD45322A79C9EA14CE073C0B71FC0AF9683BFC6DA95EB23B4122EC9E09EB7F" + + "88FF565415DDF44367"; + byte[] bytes = new byte[clientHelloHex.length() / 2]; + for (int i = 0; i < clientHelloHex.length(); i += 2) { + int value = Integer.parseInt(clientHelloHex.substring(i, i + 2), 16); + bytes[i / 2] = (byte) value; + } + return bytes; } }
