Oops. Sorry for the confusion. It's checked in just now. Apologies, Trustin
On 7/30/07, Trustin Lee <[EMAIL PROTECTED]> wrote: > Yep. I've just checked in the fix. Wanted to fix it before you run > the test, but I was too busy. :( > > HTH, > Trustin > > PS: Please reply to [email protected], not directly to me. > > On 7/30/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Trustin, > > > > That fix didn't work. I believe the issue is that within > > SSLHandler.handshake(NextFilter) it checks for the initialHandshakeComplete > > attribute to be false to do anything, where initialHandshakeComplete will > > be true for a re-negotiation. Below is the debug from the logs after > > running the test: > > > > 20070729 225017 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Unwrap res:Status = OK HandshakeStatus = NEED_TASK > > bytesConsumed = 0 bytesProduced = 0 > > 20070729 225017 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Renegotiating... > > 20070729 225017 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] doHandshake() > > 20070729 225017 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Data Read: [EMAIL PROTECTED] (HeapBuffer[pos=0 > > lim=148 cap=1024: 67 28 DC 02 B1 5A FC 31 1C 72 B8 BA 7B FD C9 97 66 FB 71 > > E5 C0 10 B0 CA 28 4C 75 F0 38 6B 71 24 8F B7 CC 9C 27 06 C6 63 AF F1 10 B3 > > 7E 44 30 82 C4 34 1C 6D 5C 26 31 7B 90 AB 5A 92 46 26 19 D8 2C C0 3E 3C DB > > 99 A5 31 57 3F 86 7F 18 C4 9B E6 21 8D 8E 7D A3 5A 8C ED F2 82 40 DC 19 52 > > EB B4 81 04 09 D3 B4 26 FC C1 E4 D1 69 43 A0 FE D1 4B F3 43 B4 E0 B6 D9 B2 > > B3 44 B1 C7 C3 B5 CB 7B 41 25 F4 BB 87 26 7E CB 71 16 5A 7F 63 32 A3 6D 85 > > 23 9A 16 DE]) > > 20070729 225017 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] unwrap() > > 20070729 225017 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] inNetBuffer: java.nio.DirectByteBuffer[pos=0 > > lim=916 cap=16665] > > 20070729 225017 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] appBuffer: java.nio.DirectByteBuffer[pos=0 > > lim=33330 cap=33330] > > 20070729 225017 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Unwrap res:Status = OK HandshakeStatus = NEED_TASK > > bytesConsumed = 0 bytesProduced = 0 > > 20070729 225017 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Renegotiating... > > 20070729 225017 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] doHandshake() > > 20070729 225107 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Data Read: [EMAIL PROTECTED] (HeapBuffer[pos=0 > > lim=284 cap=512: 17 03 01 01 17 8F 86 6F CF BA C2 44 57 AD FA 00 25 F1 A0 > > 4D 57 B7 EB E0 B9 38 7E C5 0E 98 6C 1D 99 14 2F 3D BA D3 C3 CB 74 C4 22 B0 > > 2C 62 2F B0 13 DB 42 1B 48 C5 E3 63 40 44 A0 FB 98 A1 AB 0C 8A 89 3B 60 03 > > 2D 04 A3 8E 4A A3 6E 92 70 60 7C FA 09 2C F7 82 AF EF BC 17 D4 FC 14 FB 44 > > F7 89 20 F4 32 6C 0A 2F 40 85 B5 0C 46 F3 0B 24 25 1A 63 2D 27 C0 AF E0 37 > > 84 93 E3 F5 BE 3E AE 03 F3 7E 52 C2 4C 82 FC 22 F2 E1 91 04 55 F6 A3 FB ED > > 06 74 89 1A 5B 52 D1 B0 38 10 92 B4 A0 CA D0 F7 69 EF 4F B0 CD D0 87 B8 37 > > 1E 92 3F 28 B3 6C A5 3D 63 6B 22 43 F3 7B 4D 30 03 E8 DC B2 40 19 D5 D6 43 > > 0E AD D5 1C B1 4A 4F 0D DC F2 A1 0D 0A E8 62 57 38 B4 9B CA 4D 14 87 DB A7 > > 83 8D 07 D8 D8 08 B5 05 18 4B A9 13 5D 62 8A E6 7E A8 4F AC 01 A5 F9 0B 93 > > EB 89 7A 81 E2 71 AC 5B 6C 92 83 03 BB B5 08 9A 0F C1 57 85 9A 9B 29 54 B7 > > 66 E8 60 8A 14 09 82 E0 D2 66 F7 A7 E0 DF 22]) > > 20070729 225107 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] unwrap() > > 20070729 225107 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] inNetBuffer: java.nio.DirectByteBuffer[pos=0 > > lim=1200 cap=16665] > > 20070729 225107 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] appBuffer: java.nio.DirectByteBuffer[pos=0 > > lim=33330 cap=33330] > > 20070729 225107 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Unwrap res:Status = OK HandshakeStatus = NEED_TASK > > bytesConsumed = 0 bytesProduced = 0 > > 20070729 225107 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Renegotiating... > > 20070729 225107 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] doHandshake() > > 20070729 225157 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Data Read: [EMAIL PROTECTED] (HeapBuffer[pos=0 > > lim=23 cap=512: 15 03 01 00 12 6E AA 7C E6 8C 14 0D 7E F2 04 4D DB FD 99 86 > > BB 9D AA]) > > 20070729 225157 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] unwrap() > > 20070729 225157 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] inNetBuffer: java.nio.DirectByteBuffer[pos=0 > > lim=1223 cap=16665] > > 20070729 225157 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] appBuffer: java.nio.DirectByteBuffer[pos=0 > > lim=33330 cap=33330] > > 20070729 225157 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Unwrap res:Status = OK HandshakeStatus = NEED_TASK > > bytesConsumed = 0 bytesProduced = 0 > > 20070729 225157 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Renegotiating... > > 20070729 225157 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] doHandshake() > > 20070729 225157 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Closed: [EMAIL PROTECTED] > > 20070729 225157 dev-core1 -1 > > com.verisign.cag.protocol.srsepp.SRSEPPSourceHandler LOG4J DEBUG > > [/10.169.65.194:54064] Unexpected exception from SSLEngine.closeInbound(). > > javax.net.ssl.SSLException: Inbound closed before receiving peer's > > close_notify: possible truncation attack? > > at > > com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190) > > at > > com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1360) > > at > > com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1328) > > at > > com.sun.net.ssl.internal.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1267) > > at > > org.apache.mina.filter.support.SSLHandler.destroy(SSLHandler.java:164) > > at org.apache.mina.filter.SSLFilter.sessionClosed(SSLFilter.java:367) > > at > > org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(AbstractIoFilterChain.java:269) > > at > > org.apache.mina.common.support.AbstractIoFilterChain.access$800(AbstractIoFilterChain.java:53) > > at > > org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.sessionClosed(AbstractIoFilterChain.java:632) > > at > > org.apache.mina.common.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:65) > > at > > org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(AbstractIoFilterChain.java:269) > > at > > org.apache.mina.common.support.AbstractIoFilterChain.access$800(AbstractIoFilterChain.java:53) > > at > > org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.sessionClosed(AbstractIoFilterChain.java:632) > > at > > org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.sessionClosed(AbstractIoFilterChain.java:483) > > at > > org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(AbstractIoFilterChain.java:269) > > at > > org.apache.mina.common.support.AbstractIoFilterChain.fireSessionClosed(AbstractIoFilterChain.java:264) > > at > > org.apache.mina.common.support.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:208) > > at > > org.apache.mina.transport.socket.nio.SocketIoProcessor.doRemove(SocketIoProcessor.java:170) > > at > > org.apache.mina.transport.socket.nio.SocketIoProcessor.access$700(SocketIoProcessor.java:44) > > at > > org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:432) > > at > > org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:39) > > at > > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885) > > at > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907) > > at java.lang.Thread.run(Thread.java:619) > > > > > > > > Trustin Lee wrote: > > > > > > I've just checked in the fix for the infinite loop bug you found. > > > > > > I didn't deploy the snapshot JAR yet, so you will have to build MINA > > > by yourself. Please refer to our developer guide on how to build the > > > latest source code: > > > > > > http://mina.apache.org/developer-guide.html > > > > > > Please let me know if it fixes the problem. If it doesn't, please > > > provide DEBUG log. > > > > > > Thanks, > > > Trustin > > > > > > On 7/30/07, Trustin Lee <[EMAIL PROTECTED]> wrote: > > >> Hi James, > > >> > > >> On 7/30/07, James Gould <[EMAIL PROTECTED]> wrote: > > >> > > > >> > The following is the code snippet within SSLHandler.unwrap() to ensure > > >> that > > >> > handshake tasks are taken care of instead of causing an infinite loop. > > >> Any > > >> > thoughts or comments? > > >> > > >> The handshake status during unwrap() must be NOT_HANDSHAKING. > > >> Otherwise, it means the connection entered renegotiation. Did you > > >> change cipher set or something else after handshake is finished? > > >> > > >> Anyway, unwrap doesn't properly handle renegotiation. Thanks for > > >> reporting a critical bug! Let me try to fix the buf and reply to this > > >> thread again. > > >> > > >> Thanks, > > >> Trustin > > >> -- > > >> what we call human nature is actually human habit > > >> -- > > >> http://gleamynode.net/ > > >> -- > > >> PGP Key ID: 0x0255ECA6 > > >> > > > > > > > > > -- > > > what we call human nature is actually human habit > > > -- > > > http://gleamynode.net/ > > > -- > > > PGP Key ID: 0x0255ECA6 > > > > > > > > Quoted from: > > http://www.nabble.com/Endless-Loop-in-SSLHandler.unwrap-causing-Mina-Gateway-to-Hang-tf4166136s16868.html#a11856715 > > > > > > > -- > what we call human nature is actually human habit > -- > http://gleamynode.net/ > -- > PGP Key ID: 0x0255ECA6 > -- what we call human nature is actually human habit -- http://gleamynode.net/ -- PGP Key ID: 0x0255ECA6
