[ 
https://issues.apache.org/jira/browse/DERBY-2796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12504608
 ] 

Bernt M. Johnsen commented on DERBY-2796:
-----------------------------------------

Suggestion: 

I'll try and get rid of the SSLException stack trace and change the two obscure 
error messages to e.g.:

ERROR 58009: A network protocol error was encountered and the connection has 
been terminated: A PROTOCOL Data Stream Syntax Error was detected. Reason: 0x3. 
Plaintext connection to an SSL enabled server?

and

Invalid reply header from network server: Invalid string . Plaintext connection 
to an SSL enabled server?

-------------------------------------------------------
There is also another case: If you run an ssl-enabled client against a 
plaintext server, you will get the following on the server console output:

Execution failed because of a Distributed Protocol Error:  DRDA_Proto_SYNTAXRM; 
CODPNT arg  = 0; Error Code Value = 3
org.apache.derby.impl.drda.DRDAProtocolException: Execution failed because of a 
Distributed Protocol Error:  DRDA_Proto_SYNTAXRM; CODPNT arg  = 0; Error Code 
Value = 3
        at org.apache.derby.impl.drda.DRDAConnThread.throwSyntaxrm(DRDAConnThread.java:468)
        at org.apache.derby.impl.drda.DDMReader.readDssHeader(DDMReader.java:348)
        at org.apache.derby.impl.drda.DRDAConnThread.exchangeServerAttributes(DRDAConnThread.java:1024)
        at org.apache.derby.impl.drda.DRDAConnThread.sessionInitialState(DRDAConnThread.java:618)
        at org.apache.derby.impl.drda.DRDAConnThread.run(DRDAConnThread.java:264)

The text "Execution failed because of a Distributed Protocol Error:  
DRDA_Proto_SYNTAXRM; CODPNT arg  = 0; Error Code Value = 3"

should be changed to "Execution failed because of a Distributed Protocol Error: 
 DRDA_Proto_SYNTAXRM; CODPNT arg  = 0; Error Code Value = 3. SSL connection 
attempt to plaintext server?"
--------------------------------------------------
And finally: The docs should state that a plaintext server or client has no way 
to know whether the other side is an SSL enabled derby client/server or some 
program using a totally different protocol, and thus the error messages you get 
might seem a bit awkward.


> Obscure error messages when using SSL in various combinations
> -------------------------------------------------------------
>
>                 Key: DERBY-2796
>                 URL: https://issues.apache.org/jira/browse/DERBY-2796
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.3.0.0
>            Reporter: Rick Hillegas
>            Assignee: Bernt M. Johnsen
>             Fix For: 10.3.0.0
>
>         Attachments: ssltest.html
>
>
> I ran clients with various ssl configurations on their urls and startup 
> options against servers with various ssl configurations. I will attach an 
> html file recording my results. I feel that many of the error conditions 
> raised diagnostics which were too obscure to be helpful. I think this will be 
> burdensome to tech support.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
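
The mismatch discussed in the comment above can be guessed from the first bytes a peer sends, which is why the proposed hints end in a question mark. The sketch below is an added example, not part of the original message and not Derby code. The names `classify` and `hint` are hypothetical, the sample bytes are constructed, and it assumes a DRDA DSS header of a 2-byte length followed by the magic byte 0xD0, and that an SSL server answers a plaintext request with a TLS alert record.

```python
"""Best-effort guess at what a DRDA endpoint's peer is speaking (added example)."""

DSS_MAGIC = 0xD0                       # assumption: DSS header = len(2) | 0xD0 | ...
TLS_HANDSHAKE, TLS_ALERT = 0x16, 0x15  # TLS record content types

# Hint texts proposed in the comment above.
SERVER_HINT = "SSL connection attempt to plaintext server?"
CLIENT_HINT = "Plaintext connection to an SSL enabled server?"


def classify(first: bytes) -> str:
    """Label the first bytes read from a new connection."""
    if len(first) < 3:
        return "incomplete"
    if first[2] == DSS_MAGIC and int.from_bytes(first[:2], "big") >= 6:
        return "drda"
    # SSLv3/TLS record: content type, then version major 0x03.
    if first[1] == 0x03 and first[0] == TLS_HANDSHAKE:
        return "tls-handshake"
    if first[1] == 0x03 and first[0] == TLS_ALERT:
        return "tls-alert"
    # SSLv2-compatible ClientHello: length with high bit set, message type 1.
    if first[0] & 0x80 and first[2] == 0x01:
        return "sslv2-hello"
    return "unknown"  # could be any other protocol; no hint is justified


def hint(side: str, first: bytes) -> str:
    """Return the text to append to the protocol error, or '' if none fits."""
    kind = classify(first)
    if side == "server" and kind in ("tls-handshake", "sslv2-hello"):
        return SERVER_HINT
    if side == "client" and kind == "tls-alert":
        return CLIENT_HINT
    return ""


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "drda request": bytes.fromhex("006ed0410001"),
    "tls client hello": bytes.fromhex("160301005f01"),
    "sslv2 client hello": bytes.fromhex("802e010301"),
    "tls alert": bytes.fromhex("1503010002020a"),
    "http": b"GET / HTTP/1.1",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:20} {classify(data):14} server={hint('server', data)!r}")
```

An "unknown" result yields no hint, matching the point that a plaintext endpoint cannot tell an SSL peer from a program speaking some other protocol.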
