Webrick HTTPS produces some SSL stack trace.
--------------------------------------------
Key: JRUBY-3694
URL: http://jira.codehaus.org/browse/JRUBY-3694
Project: JRuby
Issue Type: Bug
Components: OpenSSL
Affects Versions: JRuby-OpenSSL 0.5
Environment: jruby 1.3.0RC2 (ruby 1.8.6p287) (2009-05-21 3aadd8a)
(Java HotSpot(TM) 64-Bit Server VM 1.6.0_07) [x86_64-java]
Reporter: Brice Figureau
Attachments: 0007-Implement-some-missing-SSLSocket-methods.patch,
test_webrick.rb
Descriptiont:
-----------------
With the latest jruby, jruby-openssl + the patches I contributed in JRUBY-3689,
JRUBY-3690, JRUBY-3691, JRUBY-3692, JRUBY-3692 + the patch in this bug report
to add some needed missing methods, webrick produces some java stack trace.
Analysis:
------------
javax.net.ssl.SSLSession.getPeerCertificates() throws
SSLPeerUnverifiedException if the client is not authenticated.
That's a real issue, because that means there is no way to get access to the
peer certificate unless it is already valid for the current server CA.
This is not the same behavior in MRI, and this behavior is important to be able
to run Puppet with webrick as Puppet manages its own PKI.
Note that the error is produced by webrick when trying to get access to the
peer certificate to populate the request that will be handed to the webrick
servlet.
I don't see any immediate fix for this issue :-(
Note that it doesn't seem to prevent webrick to run, it's only if your servlet
needs to get access to the certficate _or_ if you run webrick in
OpenSSL::VERIFY_PEER mode, I guess.
Steps to reproduce:
--------------------------
1) Start the included mini webrick HTTPS server:
jruby test_webrick.rb
2) In another terminal/host Launch the stub client, and type the HTTP request,
followed by 2 returns.
% openssl s_client -host localhost -port 2000
...
GET / HTTP/1.0
3) Look to the webrick console in the first terminal, and see the following
issue:
...
May 24, 2009 6:00:36 PM org.jruby.ext.openssl.SSLSocket peer_cert
SEVERE: null
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.jruby.ext.openssl.SSLSocket.peer_cert(SSLSocket.java:517)
at
org.jruby.ext.openssl.SSLSocket$i_method_0_0$RUBYINVOKER$peer_cert.call(org/jruby/ext/openssl/SSLSocket$i_method_0_0$RUBYINVOKER$peer_cert.gen)
at
org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:258)
at
org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:77)
at org.jruby.ast.CallNoArgNode.interpret(CallNoArgNode.java:61)
at org.jruby.ast.InstAsgnNode.interpret(InstAsgnNode.java:95)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.IfNode.interpret(IfNode.java:112)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at
org.jruby.internal.runtime.methods.InterpretedMethod.call(InterpretedMethod.java:173)
at
org.jruby.internal.runtime.methods.DefaultMethod.call(DefaultMethod.java:151)
at
org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:278)
at
org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:117)
at org.jruby.ast.CallOneArgNode.interpret(CallOneArgNode.java:57)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RescueNode.executeBody(RescueNode.java:225)
at
org.jruby.ast.RescueNode.interpretWithJavaExceptions(RescueNode.java:147)
at org.jruby.ast.RescueNode.interpret(RescueNode.java:110)
at org.jruby.ast.EnsureNode.interpret(EnsureNode.java:96)
at org.jruby.ast.BeginNode.interpret(BeginNode.java:83)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.WhileNode.interpret(WhileNode.java:131)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at
org.jruby.internal.runtime.methods.InterpretedMethod.call(InterpretedMethod.java:173)
at
org.jruby.internal.runtime.methods.DefaultMethod.call(DefaultMethod.java:151)
at
org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:278)
at
org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:117)
at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
at org.jruby.ast.IfNode.interpret(IfNode.java:114)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RescueNode.executeBody(RescueNode.java:225)
at
org.jruby.ast.RescueNode.interpretWithJavaExceptions(RescueNode.java:147)
at org.jruby.ast.RescueNode.interpret(RescueNode.java:110)
at org.jruby.ast.EnsureNode.interpret(EnsureNode.java:96)
at org.jruby.ast.BeginNode.interpret(BeginNode.java:83)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at
org.jruby.runtime.InterpretedBlock.evalBlockBody(InterpretedBlock.java:218)
at org.jruby.runtime.InterpretedBlock.yield(InterpretedBlock.java:206)
at org.jruby.runtime.BlockBody.call(BlockBody.java:72)
at org.jruby.runtime.BlockBody.call(BlockBody.java:78)
at org.jruby.runtime.Block.call(Block.java:89)
at org.jruby.RubyProc.call(RubyProc.java:220)
at org.jruby.RubyProc.call(RubyProc.java:203)
at org.jruby.internal.runtime.RubyRunnable.run(RubyRunnable.java:92)
at java.lang.Thread.run(Thread.java:637)
May 24, 2009 6:00:36 PM org.jruby.ext.openssl.SSLSocket peer_cert_chain
SEVERE: null
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:401)
at org.jruby.ext.openssl.SSLSocket.peer_cert_chain(SSLSocket.java:532)
at
org.jruby.ext.openssl.SSLSocket$i_method_0_0$RUBYINVOKER$peer_cert_chain.call(org/jruby/ext/openssl/SSLSocket$i_method_0_0$RUBYINVOKER$peer_cert_chain.gen)
at
org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:258)
at
org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:77)
at org.jruby.ast.CallNoArgNode.interpret(CallNoArgNode.java:61)
at org.jruby.ast.InstAsgnNode.interpret(InstAsgnNode.java:95)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.IfNode.interpret(IfNode.java:112)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at
org.jruby.internal.runtime.methods.InterpretedMethod.call(InterpretedMethod.java:173)
at
org.jruby.internal.runtime.methods.DefaultMethod.call(DefaultMethod.java:151)
at
org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:278)
at
org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:117)
at org.jruby.ast.CallOneArgNode.interpret(CallOneArgNode.java:57)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RescueNode.executeBody(RescueNode.java:225)
at
org.jruby.ast.RescueNode.interpretWithJavaExceptions(RescueNode.java:147)
at org.jruby.ast.RescueNode.interpret(RescueNode.java:110)
at org.jruby.ast.EnsureNode.interpret(EnsureNode.java:96)
at org.jruby.ast.BeginNode.interpret(BeginNode.java:83)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.WhileNode.interpret(WhileNode.java:131)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at
org.jruby.internal.runtime.methods.InterpretedMethod.call(InterpretedMethod.java:173)
at
org.jruby.internal.runtime.methods.DefaultMethod.call(DefaultMethod.java:151)
at
org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:278)
at
org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:117)
at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
at org.jruby.ast.IfNode.interpret(IfNode.java:114)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
at org.jruby.ast.RescueNode.executeBody(RescueNode.java:225)
at
org.jruby.ast.RescueNode.interpretWithJavaExceptions(RescueNode.java:147)
at org.jruby.ast.RescueNode.interpret(RescueNode.java:110)
at org.jruby.ast.EnsureNode.interpret(EnsureNode.java:96)
at org.jruby.ast.BeginNode.interpret(BeginNode.java:83)
at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104)
at
org.jruby.runtime.InterpretedBlock.evalBlockBody(InterpretedBlock.java:218)
at org.jruby.runtime.InterpretedBlock.yield(InterpretedBlock.java:206)
at org.jruby.runtime.BlockBody.call(BlockBody.java:72)
at org.jruby.runtime.BlockBody.call(BlockBody.java:78)
at org.jruby.runtime.Block.call(Block.java:89)
at org.jruby.RubyProc.call(RubyProc.java:220)
at org.jruby.RubyProc.call(RubyProc.java:203)
at org.jruby.internal.runtime.RubyRunnable.run(RubyRunnable.java:92)
at java.lang.Thread.run(Thread.java:637)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe from this list, please visit:
http://xircles.codehaus.org/manage_email
